dns crash causes admin privilege accts to lock

quigley

Please help.
My primary dns server had to be shut down ungracefully this
morning. After bringing the server up, I tried to log in
and found my account was locked. This has also happened
in the past.

I had to unlock all accounts belonging to the Domain
Admins group.

Any ideas???
 
quigley said:
Please help.
My primary dns server had to be shut down ungracefully this
morning. After bringing the server up, I tried to log in
and found my account was locked. This has also happened
in the past.

I had to unlock all accounts belonging to the Domain
Admins group.

Any ideas???

Hacker?

Only the built in Administrator account cannot be locked out. That is why
you should rename the account.
 
Nope not a hacker.
A UNIX admin turned into a Windows admin by force.
The Administrator account did not get locked out.
Only other accounts belonging to the Admin Groups were
locked, but why??? Is the PDC dependent on DNS?
 
In (e-mail address removed)
posted a question
Then Kevin replied below:
Nope not a hacker.
A UNIX admin turned into a Windows admin by force.
The Administrator account did not get locked out.
Only other accounts belonging to the Admin Groups were
locked, but why??? Is the PDC dependent on DNS?

Yes, Active Directory depends on DNS, all members and DCs must use the AD
DNS.
 
In
Nope not a hacker.
A UNIX admin turned into a Windows admin by force.
The Administrator account did not get locked out.
Only other accounts belonging to the Admin Groups were
locked, but why??? Is the PDC dependent on DNS?

Just to point out, there is no such thing as a PDC in AD.

As Kevin said, AD absolutely requires DNS. DNS stores all its service and
resource locations in the form of those SRV records. That's how AD "finds"
itself and how the clients 'find' domain resources, such as a domain
controller to authenticate logons, for instance (among other things). If the
machine is misconfigured to use the ISP's DNS or some other DNS, possibly
for some other reason, like Internet access, then that will cause *numerous*
issues as well. You must only use the DNS server that is hosting the AD zone
by all machines (DCs and clients). Configure a forwarder for efficient
Internet resolution.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Ok. Thanks for the clarification.
More info on my end. I'm still using Windows NT, hence
the reason for PDC. When the Primary DNS Server, which is
on W2K goes down, ALL user accounts in the Admin Groups
get locked out ... why? Are the domain controllers
dependent on this Primary DNS Server? Is there a way to
change this?
 
quigley said:
Ok. Thanks for the clarification.
More info on my end. I'm still using Windows NT, hence
the reason for PDC. When the Primary DNS Server, which is
on W2K goes down, ALL user accounts in the Admin Groups
get locked out ... why? Are the domain controllers
dependent on this Primary DNS Server? Is there a way to
change this?

I guess we were all assuming you had AD. Since you don't and you are still on
NT4 and do not have AD deployed as of yet, then DNS has nothing to do with
NT4's directory services.

Are there any event log errors?
Are there any policies in place, such as password policies and account lockout
policies?
Are there any other administrators or persons that use the default
administrator account?
Do you have auditing configured? With this you can correlate lockout times
with whatever is happening at that moment in time.
Do you have a firewall in place?
Intrusion detection?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
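The audit correlation suggested in the reply above, as an added example that is not part of the thread: it takes Security-log records exported to CSV and, for each lockout, counts the failed logons for that account in the preceding window, grouped by the machine that submitted them. The column layout, event labels, host names and account names are assumptions made for this example.

```python
import csv, io
from collections import Counter
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
# Constructed sample of exported audit records (not data from the thread).
# Columns, event labels, hosts and accounts are assumptions for this example.
SAMPLE = """\
time,event,account,source
2004-03-02 08:55:10,LOGON_FAILURE,jsmith,WKSTN07
2004-03-02 09:01:02,LOGON_FAILURE,admin_a,APPSRV02
2004-03-02 09:01:03,LOGON_FAILURE,admin_a,APPSRV02
2004-03-02 09:01:05,LOGON_FAILURE,admin_b,APPSRV02
2004-03-02 09:01:06,LOGON_FAILURE,admin_a,APPSRV02
2004-03-02 09:01:06,LOCKOUT,admin_a,DC01
2004-03-02 09:01:07,LOGON_FAILURE,admin_b,BKUPSRV
2004-03-02 09:01:08,LOGON_FAILURE,admin_b,APPSRV02
2004-03-02 09:01:08,LOCKOUT,admin_b,DC01
"""

def parse(text):
    """Read the CSV export and return rows sorted by timestamp."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["time"] = datetime.strptime(r["time"], FMT)
        rows.append(r)
    return sorted(rows, key=lambda r: r["time"])

def correlate(rows, window=timedelta(minutes=30)):
    """For each lockout, tally that account's failed logons by source machine."""
    report = []
    for lock in (r for r in rows if r["event"] == "LOCKOUT"):
        sources = Counter(
            r["source"] for r in rows
            if r["event"] == "LOGON_FAILURE"
            and r["account"] == lock["account"]
            and lock["time"] - window <= r["time"] <= lock["time"])
        report.append((lock["time"], lock["account"], sources.most_common()))
    return report

def common_sources(report):
    """Machines that sent failures ahead of every lockout in the report."""
    sets = [{s for s, _ in srcs} for _, _, srcs in report]
    return set.intersection(*sets) if sets else set()

if __name__ == "__main__":
    for when, account, srcs in correlate(parse(SAMPLE)):
        print(when, account, srcs)
```

A machine that appears ahead of every lockout is the first place to check for whatever is submitting the bad passwords.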
 