|
Posted by Meinolf Weber [MVP-DS] on January 25, 2010, 4:22 pm
Please log in for more thread options
Hello Brad,
Start with account lockout tools and also check for conficker, see the following
articles:
http://technet.microsoft.com/en-us/library/cc738772(WS.10).aspx
http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
http://support.microsoft.com/kb/109626
http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html
http://support.microsoft.com/kb/962007
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
show/hide quoted text
> We're running a W2K3 Active Directory environment. We have a problem
> with user's AD accounts getting locked out unexpectedly. An
> examination of the domain controller security event logs shows nothing
> like any bad password attempts leading up to the lockout. We did find
> a series of LSASRV events in the local PC System log, Event IDs 40961,
> and 40961, and in the Application log there were two USERENV events,
> IDs 1006 and 1030, coinciding exactly with the time the accounts get
> locked out. Google and Bing searches were not fruitful. I would
> appreciate any suggestions on where to look for information that would
> shed light on what relation, if any, these events have on the account
> getting locked out.
>
|
> with user's AD accounts getting locked out unexpectedly. An
> examination of the domain controller security event logs shows nothing
> like any bad password attempts leading up to the lockout. We did find
> a series of LSASRV events in the local PC System log, Event IDs 40961,
> and 40961, and in the Application log there were two USERENV events,
> IDs 1006 and 1030, coinciding exactly with the time the accounts get
> locked out. Google and Bing searches were not fruitful. I would
> appreciate any suggestions on where to look for information that would
> shed light on what relation, if any, these events have on the account
> getting locked out.
>