Account Lock Out's - Urgent!!

  • Thread starter Thread starter Tom White
  • Start date Start date
T

Tom White

Help!

The system seems to be automaticaly locking out ALL
accounts in the domain automatically. Even if I cancel the
lockout from within the Active Directory snap in, it
returns with 10 minutes or so. I have no lock out policys
enabled.

The only thing I can think of is that I have changed from
mixed to native mode today.

Does anyone know why this might be?
 
Account lockouts are usually caused when applications send bad passwords to
the domain controllers. It could also occur if you have services that start
using a user account that has a new password or if you have logon scripts
that map drives using old user credentials.
There are several steps that you can take to troubleshoot account lockouts.
For detailed information and tools for troubleshooting account lockouts take
a look at the resources below.

I recommend that you review the following links

Account Policy whitepaper

http://www.microsoft.com/technet/tr...ndowsserver2003/maintain/operate/BPACTLCK.asp

Account lockout management tools

http://microsoft.com/downloads/deta...9C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Account Best Practices

http://www.microsoft.com/technet/tr...oddocs/entserver/windows_password_protect.asp

Account Lockout Webcast

http://support.microsoft.com/default.aspx?scid=/servicedesks/webcasts/wc022703/wcblurb022703.asp


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Yeah I understand the principles but what I don't
understand is why all of the accounts are suddenly locked
out when none of my users have changed their passwords and
there are no scheduled tasks, services or mapped drives
using alternative credentials or anything. I haven't
changed anything except the domain mode!! Thanks for the
resources though very useful.
 
It could be a virus. There are some that enumerate user accounts and
perform a brute force attack. I can't think of the names of any of them at
the time. I'll search for them. In the meantime you should scan your
systems for viruses. There is an online scan that you can run at
http://housecall.trendmicro.com. I sometimes run this even when my local AV
software does not find anything because sometimes the online scanner will.


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top