psycogi
10-09-2003, 01:26 AM
Good morning all,
I have recently started as an IT Admin at a firm, and we are continually encountering this strange problem. Every once in a while, ALL of our user accounts in ActiveDirectory LOCK. The following is what I get out of event viewer on the server, they have an Event ID of 644, and the description is as follows:
User Account Locked Out:
Target Account Name: [Username]
Target Account ID: [Domain\Username]
Caller Machine Name: DARIO [This is an unknown machine to me, cannot find it on the network anywhere!]
Caller User Name: [Our main server name, followed by $, eg: server$]
Caller Domain: [Our Domain]
Caller Logon ID: (0x0,0x3E7)
There is one of these messages per user on out network, along with a 642 event ID message as follows:
User Account Changed:
Account Locked.
Target Account Name: [Username]
Target Domain: [Domain]
Target Account ID: [Domain\Username]
Caller User Name: [Primary Server$]
Caller Domain: [Server]
Caller Logon ID: (0x0,0x3E7)
Privileges: -
Has anyone ever seen this before? or experienced something similar?? and my other question, is there a way of unlocking all the domain accounts easily, as im getting pretty tired of going through them all 1 by 1 :s My collegue is currently working on a vbscript/asp page that will go through them all and unlock them, but he is tied up with other problems and hasnt been able to finish it.
Sorry if it seems long winded, and i will greatly appreciate any information.
Thanks a lot
<P ID="edit"><FONT class="small">Edited by psycogi on 10/09/03 00:37.</FONT></P>
I have recently started as an IT Admin at a firm, and we are continually encountering this strange problem. Every once in a while, ALL of our user accounts in ActiveDirectory LOCK. The following is what I get out of event viewer on the server, they have an Event ID of 644, and the description is as follows:
User Account Locked Out:
Target Account Name: [Username]
Target Account ID: [Domain\Username]
Caller Machine Name: DARIO [This is an unknown machine to me, cannot find it on the network anywhere!]
Caller User Name: [Our main server name, followed by $, eg: server$]
Caller Domain: [Our Domain]
Caller Logon ID: (0x0,0x3E7)
There is one of these messages per user on out network, along with a 642 event ID message as follows:
User Account Changed:
Account Locked.
Target Account Name: [Username]
Target Domain: [Domain]
Target Account ID: [Domain\Username]
Caller User Name: [Primary Server$]
Caller Domain: [Server]
Caller Logon ID: (0x0,0x3E7)
Privileges: -
Has anyone ever seen this before? or experienced something similar?? and my other question, is there a way of unlocking all the domain accounts easily, as im getting pretty tired of going through them all 1 by 1 :s My collegue is currently working on a vbscript/asp page that will go through them all and unlock them, but he is tied up with other problems and hasnt been able to finish it.
Sorry if it seems long winded, and i will greatly appreciate any information.
Thanks a lot
<P ID="edit"><FONT class="small">Edited by psycogi on 10/09/03 00:37.</FONT></P>