Sign in with
Sign up | Sign in
Your question

All AD User Accounts Locked

Last response: in Windows 2000/NT
Share
Anonymous
November 29, 2004 4:35:37 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi Guys

I have a problem with all my domain user accounts locking out at the same
time. It happens fairly randomly and we cannot identify any particular event
that causes this. We have a 2000 domain in mixed mode with 95/98/2000/xp
clients. Has anyone come across this before, or knows of a reason why this
is happening?

Also, does anyone have a script for unlocking all user accounts?

Thanks in advance for any help.

More about : user accounts locked

Anonymous
November 29, 2004 5:11:02 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

May not be your solution but probably you can for viruses.

For unlocking account, you can take a reference here.

http://www.microsoft.com/technet/scriptcenter/scripts/a...

BR,
Denis

"Patrick Ruane" wrote:

> Hi Guys
>
> I have a problem with all my domain user accounts locking out at the same
> time. It happens fairly randomly and we cannot identify any particular event
> that causes this. We have a 2000 domain in mixed mode with 95/98/2000/xp
> clients. Has anyone come across this before, or knows of a reason why this
> is happening?
>
> Also, does anyone have a script for unlocking all user accounts?
>
> Thanks in advance for any help.
Anonymous
November 29, 2004 3:14:00 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

This white paper describes how these settings affect account lockout and
makes some general recommendations for configuring and troubleshooting
account lockout issues.
http://www.microsoft.com/downloads/details.aspx?FamilyI...

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Directory Services
---------- www.qadvice.com ----------


"Patrick Ruane" <Patrick Ruane@discussions.microsoft.com> wrote in message
news:336F9C48-EEA3-429B-AE10-78976351D5F0@microsoft.com...
> Hi Guys
>
> I have a problem with all my domain user accounts locking out at the same
> time. It happens fairly randomly and we cannot identify any particular
> event
> that causes this. We have a 2000 domain in mixed mode with 95/98/2000/xp
> clients. Has anyone come across this before, or knows of a reason why
> this
> is happening?
>
> Also, does anyone have a script for unlocking all user accounts?
>
> Thanks in advance for any help.
Related resources
Anonymous
November 29, 2004 11:01:44 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have seen this a few times and it has always been a virus. Make sure you
have auditing on and then enable accounts. The watch to see the failed
attempts on passwords... as they fail, the accounts will lock -- if its the
virus problem.

I can't remember the virus specifically, but UPDATE and so a full virus
sweep of your environment. If you can't do that -- spend the money and
deploy a full AV solution, otherwise cash in your chips and go home.

If its just an odd matter with your accounts locking, you can find samples
of ADSI scripts that will loop through accounts and change an attribute. I
would bet dollars to doughnuts, though, that its a virus.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services


"Patrick Ruane" <Patrick Ruane@discussions.microsoft.com> wrote in message
news:336F9C48-EEA3-429B-AE10-78976351D5F0@microsoft.com...
> Hi Guys
>
> I have a problem with all my domain user accounts locking out at the same
> time. It happens fairly randomly and we cannot identify any particular
event
> that causes this. We have a 2000 domain in mixed mode with 95/98/2000/xp
> clients. Has anyone come across this before, or knows of a reason why
this
> is happening?
>
> Also, does anyone have a script for unlocking all user accounts?
>
> Thanks in advance for any help.
Anonymous
November 30, 2004 4:35:10 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks Ryan, I thought it was virus related, so I updated my antivirus after
the first time. Unfortunately I have a site in a different country that I
have less control over and it looks like that's where the virus is coming
from :( 

I'll get the local IT guy to have a look for me. Do you know of anywhere I
can get a script to unlock all my accounts when it happens? I've been
looking in the Microsoft scripting archive but sadly it doesn't have anything
I can use.

Patrick.

"Ryan Hanisco" wrote:

> I have seen this a few times and it has always been a virus. Make sure you
> have auditing on and then enable accounts. The watch to see the failed
> attempts on passwords... as they fail, the accounts will lock -- if its the
> virus problem.
>
> I can't remember the virus specifically, but UPDATE and so a full virus
> sweep of your environment. If you can't do that -- spend the money and
> deploy a full AV solution, otherwise cash in your chips and go home.
>
> If its just an odd matter with your accounts locking, you can find samples
> of ADSI scripts that will loop through accounts and change an attribute. I
> would bet dollars to doughnuts, though, that its a virus.
>
> --
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
>
> "Patrick Ruane" <Patrick Ruane@discussions.microsoft.com> wrote in message
> news:336F9C48-EEA3-429B-AE10-78976351D5F0@microsoft.com...
> > Hi Guys
> >
> > I have a problem with all my domain user accounts locking out at the same
> > time. It happens fairly randomly and we cannot identify any particular
> event
> > that causes this. We have a 2000 domain in mixed mode with 95/98/2000/xp
> > clients. Has anyone come across this before, or knows of a reason why
> this
> > is happening?
> >
> > Also, does anyone have a script for unlocking all user accounts?
> >
> > Thanks in advance for any help.
>
>
>
December 3, 2004 1:37:55 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I just suffered the same exact scenario, twice, from our HQ in another
country. The way to identify the problem quickly, is 1) review security
logs on domain controllers (security logs will indicate the workstation name
that is locking the account our. You will see many entries for your
accounts, but likely on one workstation. 2) As in our case, DNS/WINS/DHCP
did not have a listing for the workstation name. The accounts could only be
locked out via our Domain controllers, so I ran the netstat command on each
Domain Controller to see which one had a session with the suspected
workstation. 3) Once I identified which domain controller was locking the
accounts out, I ran NBTSTAT -c to review the remote name cache. There I
found the name & ip address pair. 4) Now that I had a IP address, I routed
all traffic from the offending host to NULL0 on our router or switch.

Rob


"Patrick Ruane" <Patrick Ruane@discussions.microsoft.com> wrote in message
news:336F9C48-EEA3-429B-AE10-78976351D5F0@microsoft.com...
> Hi Guys
>
> I have a problem with all my domain user accounts locking out at the same
> time. It happens fairly randomly and we cannot identify any particular
> event
> that causes this. We have a 2000 domain in mixed mode with 95/98/2000/xp
> clients. Has anyone come across this before, or knows of a reason why
> this
> is happening?
>
> Also, does anyone have a script for unlocking all user accounts?
>
> Thanks in advance for any help.
Anonymous
December 3, 2004 8:09:01 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks Rob. We identified the problem as being caused by the Gaobot virus
(updates didn't pick it up unfortunately). I've written a couple of scripts,
one to unlock all domain accounts if it happens again (not the most secure
thing in the world, but only temporary) and another one that runs at system
startup that deletes the virus, registry keys and modifies the hosts file,
oh, and emails me what it has done :)  (as you can tell, i'm proud of that
one). If anyone wants any sample scripts, let me know.

"Rob" wrote:

> I just suffered the same exact scenario, twice, from our HQ in another
> country. The way to identify the problem quickly, is 1) review security
> logs on domain controllers (security logs will indicate the workstation name
> that is locking the account our. You will see many entries for your
> accounts, but likely on one workstation. 2) As in our case, DNS/WINS/DHCP
> did not have a listing for the workstation name. The accounts could only be
> locked out via our Domain controllers, so I ran the netstat command on each
> Domain Controller to see which one had a session with the suspected
> workstation. 3) Once I identified which domain controller was locking the
> accounts out, I ran NBTSTAT -c to review the remote name cache. There I
> found the name & ip address pair. 4) Now that I had a IP address, I routed
> all traffic from the offending host to NULL0 on our router or switch.
>
> Rob
>
>
> "Patrick Ruane" <Patrick Ruane@discussions.microsoft.com> wrote in message
> news:336F9C48-EEA3-429B-AE10-78976351D5F0@microsoft.com...
> > Hi Guys
> >
> > I have a problem with all my domain user accounts locking out at the same
> > time. It happens fairly randomly and we cannot identify any particular
> > event
> > that causes this. We have a 2000 domain in mixed mode with 95/98/2000/xp
> > clients. Has anyone come across this before, or knows of a reason why
> > this
> > is happening?
> >
> > Also, does anyone have a script for unlocking all user accounts?
> >
> > Thanks in advance for any help.
>
>
>
July 20, 2009 7:08:12 PM

Quote:
Archived from groups: microsoft.public.win2000.active_directory (More info?)

May not be your solution but probably you can for viruses.

For unlocking account, you can take a reference here.

http://www.microsoft.com/technet/scriptcenter/scripts/a...

BR,
Denis

"Patrick Ruane" wrote:

> Hi Guys
>
> I have a problem with all my domain user accounts locking out at the same
> time. It happens fairly randomly and we cannot identify any particular event
> that causes this. We have a 2000 domain in mixed mode with 95/98/2000/xp
> clients. Has anyone come across this before, or knows of a reason why this
> is happening?
>
> Also, does anyone have a script for unlocking all user accounts?
>
> Thanks in advance for any help.


Hi there,

I am looking for Patrick Ruane ex Castrol, Pangbourne UK. He knew Barry Purdon very well. If anyone out there knows him please email us!

Kind regards
Barry Purdon
barry8@telkomsa.net
!