I've got a bit of a headache over here at my company— we have around 150 machines, and none of them are joined to the domain. We're adding the domain usernames into each machine's credential manager to map network drives. However, a particular domain username keeps getting locked out by the domain controller, and I've been trying to figure out which machine is causing the problem for weeks. I can't create a new username because that account is tied to specific software we use and has a bunch of NTFS permissions I'm not fully clear on.
5 Answers
Yeah, keep an eye on the event log, especially for the security events. Search for event number 4740; that one indicates when a user account was locked out.
Sounds like a bit of a mess! Are you the only IT person dealing with this? Usually, you can check the event log on the domain controller to see which username and machine are causing the lockout. How many domain controllers do you have?
You're in a tricky spot! The event log on the domain controller should show you the source of the login attempt. Just make sure to enable audit logging to capture that info.
If it gets too complicated, you might want to consider renaming the user in Active Directory and then updating the workstations to use that new username.
First off, why aren’t these machines joined to the domain while you're trying to access domain resources? That doesn’t sound ideal. It's likely causing a lot of confusion with the credentials.
Because my boss said so. He believes our system isn’t powerful enough for all the computers to join the domain without putting a strain on the server.