Account Lockout Troubleshooting

J

Joe

Hello All:

Have a question. Recently upgraded the domain from NT4.0 to 2000 AD.
Everything's fine but having an account lockout issue which I was looking
into and I discovered the following:

On the NT 4.0 PDC that was the first to be upgraded, it is not recording any
account lockouts. If I intentionally lockout a testusere account, using the
account lockout tool, I can see the account listed as locked on our 2 other
DC's, but not the original PDC now DC.

I also cannot find any 644 events being logged anywhere on any DC's despite
having logging for this enabled. Can anyone offer some insight to any of
this..

Thanks

Joe
 
J

Joe

They're in the smae site and no, not running NT any longer. Still in mixed
mode however.
 
P

Paul Bergson

Run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run

individual tests without having to learn all the switch options. The
details will be output in notepad text files that pop

up automagically.

The script is located in the download section on my website at
http://www.pbbergs.com

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

--
Paul Bergson

MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Logon/lofoff,Lockout entries not in Event log 2
Account Lockout Problems 1
Question on Account Lockout - Urgent 2
Account Lockout 5
Account lockout not happening 1
Account Lockout Script 2
Account Lockout Problem 1
Account lockout fails 1

Top