Random Account Lockouts

C

Colin Watson

Has anyone come across this issue before. Today all user
accounts within the AD had there flags changed so that
all accounts became locked out. This is a 700 user
organisation and the only way we could get the users back
working was to manually go into all user accounts and
reset the account lockout flag.

On digging through the internet I've seen other
references to this issue but no solutions as yet.
 
A

Andy Cadley

Do you have Account Lockouts enabled? If so, there is always the possibility
of a systematic attack on your network designed to do precisely that. Is
there anything suspicious in the Event Logs?

As far as undoing it goes you can script it fairly easily (see TechNet's
script center for the basic procedure) which has got to be less painful than
doing it manually.

Andy
 
J

Joe Richards [MVP]

Most likely it wasn't random, however if you don't have auditing enabled you
will never know. You should be auditing logon failures (both types) and
looking at the events generated.

In the meanwhile, there is a tool on the free win32 tools page of
www.joeware.net that could of unlocked every account in your domain in a
very short time frame... It is called unlock.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top