Domain accounts lock out

By cgilless

We are running a Win2k A.D. domain, with several servers in different physical locations. Every month or so, the domain accounts will become locked out on their own. Sometimes this affects all of the domain's users, sometimes just 1 or 2 organizational unit members. Our campus Win2k expert swears this is an indication that we are being hacked, but we see no evidence of hacking. Is this an anomaly in Win2k server that anyone else has ever seen? Any ideas where this might be coming from? Thanks.

Domain accounts lock out

by CG IT In reply to Domain accounts lock out

Are these OUs in a subdomain? Have there been any changes in the AD Domains & Trusts? Have there been any changes to GPOs for those OUs? It's quite possible for a hacker [or someone with admin access] to change the GPOs associated with those OUs, which would cause them to be denied access. You may not always know when a "hacker" enters your system, especially if said "hacker" is using an onsite computer and has knowledge of AD users and computers info and passwords.


Domain accounts lock out

by LordInfidel In reply to Domain accounts lock out

I posted this yesterday to your discussion:

It sounds more like authentication problems.
It sounds as if you have multiple DCs and they are unable to replicate information with each other.

If someone tries to log on and they can't and they reach the default lockout attempts, then the domain will lock them out.

I doubt that you are being *hacked*.
But just in case, change the domain admin passwords and put auditing on all domain/enterprise admins.

(security measures)
Also, did you rename the true domain admin account?
Did you set its password to either 14 or 21 characters?
Did you rename the domain guest account to administrator and set a 28 character password on it and remove the description from the admin account and put it into the guest account description?
Did you create a daily use domain admin account and set its password to 14 characters?
How many domain admins are there? Have them all change their passwords.

What is your default domain policy lockout policy and password expiration policy set to?

These are just some places to look.


Domain accounts lock out

by Marty2001 In reply to Domain accounts lock out

If the accounts authenticate to other servers, e.g. Novell or other domains, and the password is incorrect, then the account is locked out rapidly if it is set to lock out after 9 attempts.
The user often does not need to access the other domain/authenticating mechanism, but I have seen this cause repeated lockouts at sites that have had lockout after 30 failed attempts.
This will not be the case if you only have one domain and all W2k.
It could also occur if you have split up into sites and site group policy is disallowing access to certain files without notifying the user, and again they lock out.
If none of these, please feel free to reject this answer.


Domain accounts lock out

by cgilless In reply to Domain accounts lock out

This question was closed by the author
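
An added example, not written by any poster in this thread: the replies disagree on whether the lockouts point to an intruder or to ordinary authentication problems, and one way to tell the two apart is to group lockout records by the machine the failed logons came from. The record layout, host and account names, and both thresholds are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from the thread):
# lockout time, locked account, machine the failed logons came from.
SAMPLE = """\
2003-03-04T02:10:05 jsmith WKS-LAB07
2003-03-04T02:10:09 mbrown WKS-LAB07
2003-03-04T02:10:14 tlee WKS-LAB07
2003-03-04T02:10:20 akhan WKS-LAB07
2003-03-04T09:31:00 pwong WKS-PWONG
2003-03-05T09:02:00 pwong WKS-PWONG
2003-03-06T09:05:00 pwong WKS-PWONG
"""

WINDOW = timedelta(minutes=5)  # assumed burst window
MIN_ACCOUNTS = 3               # assumed: distinct accounts that make a burst

def parse(text):
    """Turn 'time account source' lines into sorted (time, account, source) rows."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            ts, account, source = line.split()
            rows.append((datetime.fromisoformat(ts), account.lower(), source.upper()))
    return sorted(rows)

def triage(rows):
    """Label each source machine by the lockout pattern it produced."""
    by_source = defaultdict(list)
    for ts, account, source in rows:
        by_source[source].append((ts, account))
    findings = {}
    for source, events in by_source.items():
        # Largest number of distinct accounts locked within WINDOW of any event.
        best = max(len({a for t, a in events[i:] if t - start <= WINDOW})
                   for i, (start, _) in enumerate(events))
        if best >= MIN_ACCOUNTS:
            findings[source] = "many-accounts-burst"    # one machine, many users: examine it
        elif len(events) > 1 and len({a for _, a in events}) == 1:
            findings[source] = "single-account-repeat"  # likely a stale or saved password
        else:
            findings[source] = "isolated"
    return findings

if __name__ == "__main__":
    for source, verdict in triage(parse(SAMPLE)).items():
        print(source, verdict)
```

A burst across many accounts from one machine is the pattern worth escalating; a single account that locks repeatedly from its owner's workstation usually traces back to an old password still held by a mapped drive, service or second authentication system.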
