Question : Locked out accounts

Greetings Experts,

I am an Active Directory administrator and have recently seen a number (15-20) of accounts locked out daily. There is no rhyme or reason to the order in which this is occurring. We suspect someone may be trying to brute-force OWA and/or Exchange ActiveSync in order to be able to send spam through our domain. I am interested in knowing your opinions on what 'best practices' are in this situation. We do not have evidence that anyone has actually made it through, however our helpdesk is fielding calls nearly every morning to unlock these accounts. Is there any sort of AD program or methodology to find out which area of AD the bad password attempts are coming from (OWA, folder mapping etc.) and who is sending them (IP Address)? We would very much like the capability to block the address, or range of addresses..

Some sort of automated AD security program would of course, be preferred..

Thanks!

-Gene

Answer : Locked out accounts

Download the account lcokout tools from Microsoft;
http://www.microsoft.com/downloads/details.aspx?familyid=7af2e69c-91f3-4e63-8629-b999adde0b9e&displaylang=en

There's a tool called eventcombMT.exe this comes with a built-in search for account lockouts that will tell you where the bad attempts are coming from. This should be a good starting point...

Random Solutions

Maximum number of VRF instances on a Cisco access router

Calender applications.....

C++ Serial Communication - LSB & MSB

multiple email domains and sender selection

Migrate Sun messaging to Exchange

Two GIG Nics in my HP workstation how do I set them up to load balance?

OCS 2007 R2 and Cisco call manager

Terminal server 2008 R2 Pinned Taskbar Links

Move applications between networked computers