Don't you think that there's a bigger issue that needs to be tackled first? What is causing this? I'd make sure auditing is turned on for your domains ecurity policy and start looking at failure records on your DCs. That aside, ADModify.Net can probably do this. --Brian
-----Original Message-----
From: Robert N. Leali [mailto:[EMAIL PROTECTED]
Sent: Thu 8/5/2004 3:42 PM
To: [EMAIL PROTECTED]
Cc:
Subject: [ActiveDir] Unlock user account in mass
What is the easiest way to unlock multiple user accounts in Active Directory?
Random accounts locked up today and I need a way to unlock them without having to go
user by user. Is there a tool or script already written?
Any help would be appreciated.
Robert
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick
Sent: Thursday, August 05, 2004 2:02 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos question
I am looking that up now
Rick Gasper
Manager, Network Services
King's College
133 N. River St
Wilkes-Barre PA 18711
PH: 570-208-5845
Fax: 570-208-6072
Cell: 570-760-0335
[EMAIL PROTECTED]
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Thursday, August 05, 2004 3:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos question
This stands out
Pre-authentication failed:
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick
Sent: Thursday, August 05, 2004 3:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos question
The program uses apache, I am still working with the vendor on this.
This is the error from the DC:
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 8/5/2004
Time: 3:15:59 PM
User: NT AUTHORITY\SYSTEM
Computer: KINGS-DC01
Description:
Pre-authentication failed:
User Name: ricktest
User ID: KINGS\ricktest
Service Name: krbtgt/KINGS.EDU
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 10.1.18.48
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Rick Gasper
Manager, Network Services
King's College
133 N. River St
Wilkes-Barre PA 18711
PH: 570-208-5845
Fax: 570-208-6072
Cell: 570-760-0335
[EMAIL PROTECTED]
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Thursday, August 05, 2004 2:54 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos question
There are tools to monitor kerberos conversations (capture), but I think
you're likely better off using success/failure audit logging to see what's going on,
what's being attempted and where authentication is failing.
I think the following is most likely to be helpful
http://support.microsoft.com/default.aspx?kbid=326985
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick
Sent: Thursday, August 05, 2004 2:41 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos question
Question,: is there a utility that would use Kerberos to login (Kind of like a
test login utility)?
We are not experiencing any problem with logins anywhere (except as
mentioned).. This is the first non windows application we are deploying that uses
Kerberos (outside of windows). IT does recognize a bad password as a bad password, but
throws an error with the correct password is given:
ERROR(1006)
An error occurred in WebCT authorization.
Rick Gasper
Manager, Network Services
King's College
133 N. River St
Wilkes-Barre PA 18711
PH: 570-208-5845
Fax: 570-208-6072
Cell: 570-760-0335
[EMAIL PROTECTED]
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Thursday, August 05, 2004 2:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos question
So that leads to the next question then: do you have a problem going on? If
so, can you give some details?
Al
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick
Sent: Thursday, August 05, 2004 11:26 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos question
The application is called WebCT. www.webct.com <http://www.webct.com/> . It is
a distance learning app that runs off a web server. Their documentation is some what
lacking, and their support is not really that good.
I do have everything set up as they request, so I was thinking that my problem
is on my end.
I do have a support call scheduled with them later today. I wanted to try to
rule out a AD problem.
Thanks
Rick Gasper
Manager, Network Services
King's College
133 N. River St
Wilkes-Barre PA 18711
PH: 570-208-5845
Fax: 570-208-6072
Cell: 570-760-0335
[EMAIL PROTECTED]
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Thursday, August 05, 2004 10:44 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos question
Sorry Rick. Thread overlap. :)
Whether or not you need to make a change depends on the application. For
example, if they use the operating system to handle the authentication calls, then it
should work fine, right? If they do something else, they should have documented it and
should tell you what is needed. What is the application saying they need to do?
Which application is it out of curiosity?
Al
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick
Sent: Thursday, August 05, 2004 10:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos question
I think we have a miscom here: I have no 5.5 server-- I assume that you mean
exchange 5.5 (we are all ex2k3).
More details:
I have an app that runs on a win2k3 that uses either LDAP or Kerberos to
authenticate itâs users against our 2003 active directory. The app server is part of
our domain but the app that runs on it is a third party app that says it can
authenticate using Kerberos or LDAP.
My question is: Do I need to do anything to our Domain controller to allow the
app to talk to the domain controller?
Thanks,
Rick Gasper
Manager, Network Services
King's College
133 N. River St
Wilkes-Barre PA 18711
PH: 570-208-5845
Fax: 570-208-6072
Cell: 570-760-0335
[EMAIL PROTECTED]
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Thursday, August 05, 2004 9:53 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos question
Before going any further, how about trying to get the information from a 5.5
server locally using the admin utility?
The goal of looking there is to isolate whether the problem is on the 5.5 side
or if the problem is elsewhere; just need to rule out there's a problem with the 5.5
admin :)
Al
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick
Sent: Thursday, August 05, 2004 9:49 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos question
It is also windows 2003, but the software is a web app (webct). I am confused
as the whether the OS it doing the authentication or the app is.
Rick Gasper
Manager, Network Services
King's College
133 N. River St
Wilkes-Barre PA 18711
PH: 570-208-5845
Fax: 570-208-6072
Cell: 570-760-0335
[EMAIL PROTECTED]
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Thursday, August 05, 2004 9:08 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos question
What OS is the remote system and how is it connected?
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick
Sent: Thursday, August 05, 2004 9:04 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Kerberos question
Quick question:
I have a remote system that needs to authenticate to our 2003 dcs, I have the
choices of Kerberos and ldap. I would perfer to use Kerberos for security reasons, but
I do not know if I need to do anything on the DC server in order to make this work.
Does anyone have place they could point me to? I have the Kerberos trouble
shooting guide and am working through this.
Thanks
Rick Gasper
Manager, Network Services
King's College
133 N. River St
Wilkes-Barre PA 18711
PH: 570-208-5845
Fax: 570-208-6072
Cell: 570-760-0335
[EMAIL PROTECTED]
<<winmail.dat>>
