dns crash causes admin privilege accts to lock

Archived from groups: microsoft.public.win2000.dns (More info?)

Please help.
My primary dns server had to be shutdown ungracefully this
morning. After bringing the server up, I tried to login
and found my account was locked. This has also happened
in the past.

I had to unlock all accounts belonging to the Domain
Admins group.

Any ideas???
6 answers Last reply
More about crash admin privilege accts lock
  1. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:1fcf201c45870$5857d870$a101280a@phx.gbl,
    quigley <anonymous@discussions.microsoft.com> posted a question
    Then Kevin replied below:
    > Please help.
    > My primary dns server had to be shutdown ungracefully this
    > morning. After bringing the server up, I tried to login
    > and found my account was locked. This has also happened
    > in the past.
    >
    > I had to unlock all accounts belonging to the Domain
    > Admins group.
    >
    > Any ideas???

    Hacker?

    Only the built in Administrator account cannot be locked out. That is why
    you should rename the account.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ============================
    --
    When responding to posts, please "Reply to Group" via your
    newsreader so that others may learn and benefit from your issue.
    To respond directly to me remove the nospam. from my email.
    ==========================================
    http://www.lonestaramerica.com/
    ==========================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ==========================================
    Keep a back up of your OE settings and folders with
    OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ==========================================
  2. Archived from groups: microsoft.public.win2000.dns (More info?)

    Nope not a hacker.
    A UNIX admin turned into a Windows admin by force.
    The Administrator account did not get locked out.
    Only other accounts belonging to the Admin Groups were
    locked, but why??? Is the PDC dependent on DNS?
    >-----Original Message-----
    >In news:1fcf201c45870$5857d870$a101280a@phx.gbl,
    >quigley <anonymous@discussions.microsoft.com> posted a
    question
    >Then Kevin replied below:
    >> Please help.
    >> My primary dns server had to be shutdown ungracefully
    this
    >> morning. After bringing the server up, I tried to login
    >> and found my account was locked. This has also happened
    >> in the past.
    >>
    >> I had to unlock all accounts belonging to the Domain
    >> Admins group.
    >>
    >> Any ideas???
    >
    >Hacker?
    >
    >Only the built in Administrator account cannot be locked
    out. That is why
    >you should rename the account.
    >
    >
    >--
    >Best regards,
    >Kevin D4 Dad Goodknecht Sr. [MVP]
    >Hope This Helps
    >============================
    >--
    >When responding to posts, please "Reply to Group" via
    your
    >newsreader so that others may learn and benefit from your
    issue.
    >To respond directly to me remove the nospam. from my
    email.
    >==========================================
    > http://www.lonestaramerica.com/
    >==========================================
    >Use Outlook Express?... Get OE_Quotefix:
    >It will strip signature out and more
    > http://home.in.tum.de/~jain/software/oe-quotefix/
    >==========================================
    >Keep a back up of your OE settings and folders with
    >OEBackup:
    > http://www.oehelp.com/OEBackup/Default.aspx
    >==========================================
    >
    >
    >.
    >
  3. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:20c2501c45944$a7340930$a001280a@phx.gbl,
    anonymous@discussions.microsoft.com <anonymous@discussions.microsoft.com>
    posted a question
    Then Kevin replied below:
    > Nope not a hacker.
    > A UNIX admin turned into a Windows admin by force.
    > The Administrator account did not get locked out.
    > Only other accounts belonging to the Admin Groups were
    > locked, but why??? Is the PDC dependent on DNS?

    Yes, Active Directory depends on DNS, all members and DCs must use the AD
    DNS.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ============================
    --
    When responding to posts, please "Reply to Group" via your
    newsreader so that others may learn and benefit from your issue.
    To respond directly to me remove the nospam. from my email.
    ==========================================
    http://www.lonestaramerica.com/
    ==========================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ==========================================
    Keep a back up of your OE settings and folders with
    OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ==========================================
  4. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:20c2501c45944$a7340930$a001280a@phx.gbl,
    anonymous@discussions.microsoft.com <anonymous@discussions.microsoft.com>
    posted their thoughts, then I offered mine
    > Nope not a hacker.
    > A UNIX admin turned into a Windows admin by force.
    > The Administrator account did not get locked out.
    > Only other accounts belonging to the Admin Groups were
    > locked, but why??? Is the PDC dependent on DNS?

    Just to point out, there is no such thing as a PDC in AD.

    As Kevin said, AD absolutely requires DNS. DNS stores all it's service and
    resource locations in the form of those SRV records. That's how AD "finds"
    itself and how the clients 'find' domain resources, such as a domaion
    controller to authenticate logons, for instance (among other things). If the
    machine is misconfigured to use the ISP's DNS or some other DNS, possibly
    for some other reason, like Internet access, then that will cause *numerous*
    issues as well. You must only use the DNS server that is hosting the AD zone
    by all machines (DCs and clients). Configure a forwarder for efficient
    Internet resolution.

    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS-IS" with no warranties and confers no
    rights.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory

    HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
    pig. --
    =================================
  5. Archived from groups: microsoft.public.win2000.dns (More info?)

    Ok. Thanks for the clarification.
    More info on my end. I'm still using Windows NT, hence
    the reason for PDC. When the Primary DNS Server, which is
    on W2K goes down, ALL user accounts in the Admin Groups
    get locked out ... why? Are the domain controllers
    dependent on this Primary DNS Server? Is there a way to
    change this?
    >-----Original Message-----
    >In news:20c2501c45944$a7340930$a001280a@phx.gbl,
    >anonymous@discussions.microsoft.com
    <anonymous@discussions.microsoft.com>
    >posted their thoughts, then I offered mine
    >> Nope not a hacker.
    >> A UNIX admin turned into a Windows admin by force.
    >> The Administrator account did not get locked out.
    >> Only other accounts belonging to the Admin Groups were
    >> locked, but why??? Is the PDC dependent on DNS?
    >
    >Just to point out, there is no such thing as a PDC in AD.
    >
    >As Kevin said, AD absolutely requires DNS. DNS stores all
    it's service and
    >resource locations in the form of those SRV records.
    That's how AD "finds"
    >itself and how the clients 'find' domain resources, such
    as a domaion
    >controller to authenticate logons, for instance (among
    other things). If the
    >machine is misconfigured to use the ISP's DNS or some
    other DNS, possibly
    >for some other reason, like Internet access, then that
    will cause *numerous*
    >issues as well. You must only use the DNS server that is
    hosting the AD zone
    >by all machines (DCs and clients). Configure a forwarder
    for efficient
    >Internet resolution.
    >
    >--
    >Regards,
    >Ace
    >
    >Please direct all replies to the newsgroup so all can
    benefit.
    >This posting is provided "AS-IS" with no warranties and
    confers no
    >rights.
    >
    >Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    >Microsoft Windows MVP - Active Directory
    >
    >HAM AND EGGS: A day's work for a chicken; A lifetime
    commitment for a
    >pig. --
    >=================================
    >
    >
    >.
    >
  6. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:2133d01c45a32$e1433800$a401280a@phx.gbl,
    quigley <anonymous@discussions.microsoft.com> posted their thoughts, then I
    offered mine
    > Ok. Thanks for the clarification.
    > More info on my end. I'm still using Windows NT, hence
    > the reason for PDC. When the Primary DNS Server, which is
    > on W2K goes down, ALL user accounts in the Admin Groups
    > get locked out ... why? Are the domain controllers
    > dependent on this Primary DNS Server? Is there a way to
    > change this?

    I guess we were all assuming you had AD. Since you dont and you are still on
    NT4 and do not have AD deployed as of yet, then DNS has nothing to do with
    NT4's directory services.

    Are there any event log errors?
    Are there any policy in place, such as password policies and account lockout
    policies?
    Are there any other administrators or persons that uses the default
    administrator account?
    Do you have auditing configured? With this you can correlate lockout times
    with whatever is happening at that moment in time.
    Do you have a firewall in place?
    Intrusion detection?


    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS-IS" with no warranties and confers no
    rights.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory

    HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
    pig. --
    =================================
Ask a new question

Read More

DNS Windows