I have a very strange thing occurring. It appears that if we disable a computer account in Active Directory, and the computer is still on the network, it will lock out the Domain Administrator account. I have been troubleshooting this for several months and have determined that it is the disabled computers that are causing the lockout. I have renamed the Domain Administrator account, and now the disabled computers are locking out the renamed account. By simply re-enabling the computer account, the lockouts stop.
There are no services using the account, no scheduled tasks, no network mapped drives, and no remote RDP sessions. If it were any of these areas that would have been using the Administrator account, then renaming the account should have stopped it from locking out the renamed account. It seems that the disabled computers are somehow tied to the Domain Administrator SSID. We have scanned for viruses and malware with several different products and have not found anything.
I have been working with Microsoft for almost 3 weeks, and they of course have no idea, and the case is still open. I am posting this in the Community because I normally have better luck in getting things resolved here rather than with Microsoft. Has anyone ever seen this?
David
David Moore