
Domain accounts lock out

By cgilless
We are running a Win2k A.D. domain, with several servers in different physical locations. Every month or so, the domain accounts will become locked out on their own. Sometimes this affects the entire domain users, sometimes just 1 or 2 organizational unit members. Our campus Win2k expert swears this is an indication that we are being hacked, but we see no evidence of hacking. Is this an anomaly in Win2k server that anyone else has ever seen? Any ideas where this might be coming from? Thanks.

It sounds more like authent problems

by LordInfidel In reply to Domain accounts lock out

It sounds like you have multiple DCs and they are unable to replicate information with each other.

If someone tries to logon and they can't and they reach the default lock out attempts, then the domain will lock them out.

I doubt that you are being *hacked*.
But just in case, change the domain admin passwords and put auditing on all domain/enterprise admins.

(security measures)
Also did you rename the true domain admin account?
Did you set its password to either 14 or 21 characters?
Did you rename the domain guest account to administrator and set a 28 character password to it and remove the description from the admin account and replace it into the guest account description?
Did you create a daily use domain admin account and set its password to 14 characters?
How many domain admins are there? Have them all change their passwords.

What is your default domain policy lockout policy and password expiration policy set to?

These are just some places to look.

Updt SP to latest, chk repl on all DC's

by shawkengin In reply to It sounds more like authe ...

I've seen this before on our servers and after updating to the latest SP and making sure replication was on-going, the problem was resolved. You will also find articles on the Microsoft site indicating this behavior.

Microsoft Knowledge Base Article - Q278299

Account lock outs

by cgilless In reply to It sounds more like authe ...

Thanks to all for the suggestions. A few points: There are 4 D.C.'s in the domain set up to replicate to each other. (1 & 2 are in my physical location, 3 & 4 in another.) D.C. 1 is the equivalent PDC. All servers are at SP3 and kept up to date with patches, fixes, etc. The accounts lock out even though the user(s) are currently logged on to the domain, so it doesn't look like a lockout policy violation. The guest account is disabled, the true domain account renamed, and all servers are set up to be non-internet facing. From the responses, it looks to me more like an authentication problem related to A.D. replication. Which is what I've suspected but have had trouble convincing the forest administrators to check their A.D. replication. Any further ideas are appreciated. Thanks.

Seen before

by James Goerke In reply to Domain accounts lock out

I've seen this before at one of my company's sites. A particular customer was hacking the system locally. What they were doing was accessing the domain account and somehow, I'm not sure how, causing it to cycle a bunch of times which then logged everyone out. It was a huge problem, took forever to figure out. I am not sure if this is like your problem or not but it sounded similar. I would take the security measures mentioned a couple posts up and then search the logs...

James Goerke
TheGeex Technologies
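
An added example, not part of any post in this thread: one way to "search the logs" is to group account-lockout events (event ID 644 in the Windows 2000 Security log) by the machine that triggered them, so that one machine locking out many accounts within minutes stands apart from isolated lockouts. The CSV export layout, the thresholds and every account and machine name below are assumptions constructed for the illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_EVENT_ID = 644  # Windows 2000 Security log: "User Account Locked Out"
# Constructed sample export; column names are an assumption of this example.
SAMPLE_EXPORT = """\
time,event_id,target_account,caller_machine
2003-03-04 08:01:10,644,jsmith,LAB-PC07
2003-03-04 08:01:55,529,mbrown,LAB-PC07
2003-03-04 08:02:30,644,mbrown,LAB-PC07
2003-03-04 08:04:00,644,akhan,lab-pc07
2003-03-04 08:05:45,644,TLee,LAB-PC07
2003-03-04 09:30:00,644,pjones,WS-112
2003-03-04 14:10:00,644,pjones,WS-112
2003-03-04 15:00:00,644,rdiaz,LAB-PC07
"""

def parse_lockouts(text):
    """Return time-sorted (when, account, caller_machine) for lockout events only."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        if int(row["event_id"]) != LOCKOUT_EVENT_ID:
            continue  # e.g. 529 failed logons are not lockouts
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        rows.append((when, row["target_account"].lower(),
                     row["caller_machine"].upper()))
    return sorted(rows)

def burst_sources(lockouts, window=timedelta(minutes=10), min_accounts=3):
    """Map each caller machine to the accounts it locked out, for machines that
    locked out >= min_accounts distinct accounts inside one sliding window."""
    by_source = defaultdict(list)
    for when, account, source in lockouts:
        by_source[source].append((when, account))
    flagged = defaultdict(set)
    for source, events in by_source.items():
        start = 0
        for end, (when, _) in enumerate(events):
            while when - events[start][0] > window:
                start += 1  # drop events older than the window
            accounts = {acct for _, acct in events[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[source] |= accounts
    return {source: sorted(accts) for source, accts in flagged.items()}

if __name__ == "__main__":
    print(burst_sources(parse_lockouts(SAMPLE_EXPORT)))
```

On the constructed sample, only LAB-PC07 is reported; the two pjones lockouts from WS-112 and the later rdiaz lockout fall outside any burst.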