Sunday, 20 January 2013

Find which machine is locking your NT account out

Sometimes (usually after a password change) your account gets locked out fairly regularly. This is often caused by being RDP'd on to one server or another and not logged off since the password change.
To find out which machine is locking the account connect to the event viewer of the domain controller that you authenticate to and search for event 4070.

A user account was locked out.
Subject:
   Security ID:  SYSTEM
   Account Name:  Workstation$
   Account Domain:  MyDomain
   Logon ID:  0x3e7
Account That Was Locked Out:
   Security ID:  Workstation\Account1    
Account Name:  Account1
Additional Information:
   Caller Computer Name: Workstation
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)