Random Account Lockouts

  • Thread starter Thread starter Colin Watson
  • Start date Start date
C

Colin Watson

Has anyone come across this issue before. Today all user
accounts within the AD had there flags changed so that
all accounts became locked out. This is a 700 user
organisation and the only way we could get the users back
working was to manually go into all user accounts and
reset the account lockout flag.

On digging through the internet I've seen other
references to this issue but no solutions as yet.
 
Do you have Account Lockouts enabled? If so, there is always the possibility
of a systematic attack on your network designed to do precisely that. Is
there anything suspicious in the Event Logs?

As far as undoing it goes you can script it fairly easily (see TechNet's
script center for the basic procedure) which has got to be less painful than
doing it manually.

Andy
 
Most likely it wasn't random, however if you don't have auditing enabled you
will never know. You should be auditing logon failures (both types) and
looking at the events generated.

In the meanwhile, there is a tool on the free win32 tools page of
www.joeware.net that could of unlocked every account in your domain in a
very short time frame... It is called unlock.
 
Back
Top