TechTalkz.com Logo Ask the Experts!

Go Back   TechTalkz.com Technology & Computer Troubleshooting Forums > Tech Support Archives > Microsoft > Windows Server 2003

How to find where a username is trying to log on from

Windows Server 2003

 
 
Thread Tools Display Modes
Unread 15-02-2008, 01:18 PM   #1
gbug
Guest
 
Posts: n/a
How to find where a username is trying to log on from

Hi all, i am having many problems with my AD. Continuously throughout the day
i receive event stating: "Active Directory could not update the following
object with changes received from the domain controller at the following
network address because Active Directory was busy processing information.",
and this one as well "The SAM database was unable to lockout the account of
'username' due to a resource error, such as a hard disk write failure (the
specific error code is in the error data) . Accounts are locked after a
certain number of bad passwords are provided so please consider resetting the
password of the account mentioned above."

Both events have to do with the same account - our main administrator
account. I want to find out where this account is logged onto, and where
logon requests are coming from. I am trying to figure out why these error
messages are occuring, and potentially remove this admin account from running
any services, etc.


 
Unread 16-02-2008, 12:08 PM   #2
Paul Bergson [MVP-DS]
Guest
 
Posts: n/a
Re: How to find where a username is trying to log on from

Is the account logged into more than one machine or is it running a service
on the same machine? A user could have mapped drives to a resource from one
machine, on a different machine he changes his password and then the first
machine attempts to stay mapped to a drive and the password is no longer
correct and eventually locks the user out. Or after a password is changed a
service is running that attempts to authenticate with an old password.

To help try and track down where the account is getting locked out use
eventcombMT.exe from the Account Lockout tools found out Microsoft's
website. Use the built in search AccountLockouts and search in the created
text files for the user in question.

http://www.microsoft.com/downloads/d...displaylang=en


You can also set the debug flag on NetLogon to track authentication. "This
creates a text file on the PDC that can be examined to determine which
clients are generating the bad password attempts."
http://support.microsoft.com/kb/189541
http://support.microsoft.com/kb/109626

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"gbug" <gbug@discussions.microsoft.com> wrote in message
news:22F20B77-7859-4A9F-B9D5-F2C7E007C4DC@microsoft.com...
> Hi all, i am having many problems with my AD. Continuously throughout the
> day
> i receive event stating: "Active Directory could not update the following
> object with changes received from the domain controller at the following
> network address because Active Directory was busy processing
> information.",
> and this one as well "The SAM database was unable to lockout the account
> of
> 'username' due to a resource error, such as a hard disk write failure (the
> specific error code is in the error data) . Accounts are locked after a
> certain number of bad passwords are provided so please consider resetting
> the
> password of the account mentioned above."
>
> Both events have to do with the same account - our main administrator
> account. I want to find out where this account is logged onto, and where
> logon requests are coming from. I am trying to figure out why these error
> messages are occuring, and potentially remove this admin account from
> running
> any services, etc.
>
>



 
 

Thread Tools
Display Modes



< Home - Windows Help - MS Office Help - Hardware Support >


New To Site? Need Help?

All times are GMT. The time now is 07:27 PM.


vBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO
Copyright © 2005-2013, TechTalkz.com. All Rights Reserved - Privacy Policy
Valid XHTML 1.0 Transitional