RE: [ActiveDir] Unlock user account in mass
Title: Kerberos question Brian - If I hadnt already figured that out, youd be right J Was helping a friend at my last job undo the damage already inflicted. Thanks for all the replies that were supplied problem solved. Joes solution was the easiest and quickest, thus we used that. Robert From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Thursday, August 05, 2004 7:22 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Unlock user account in mass Don't you think that there's a bigger issue that needs to be tackled first? What is causing this? I'd make sure auditing is turned on for your domains ecurity policy and start looking at failure records on your DCs. That aside, ADModify.Net can probably do this. --Brian -Original Message- From: Robert N. Leali [mailto:[EMAIL PROTECTED] Sent: Thu 8/5/2004 3:42 PM To: [EMAIL PROTECTED] Cc: Subject: [ActiveDir] Unlock user account in mass What is the easiest way to unlock multiple user accounts in Active Directory? Random accounts locked up today and I need a way to unlock them without having to go user by user. Is there a tool or script already written? Any help would be appreciated. Robert
RE: [ActiveDir] Unlock user account in mass
Hi Brian We saw a new version of the Randex about 2 weeks ago that Norton AV was not yet picking up but managed to lock out about 1800 accounts in the 2 days we saw it running. The process that was running was gt.exe or wintaskx.exe We caught the thing by looking for failure audits, and then quarantining the four systems that all the failures were coming from, then sending the files to Symantec. Regards; James R. Day National Parks Service - AD Core Team (202) 354-1464 Fax (202) 371-1549 [EMAIL PROTECTED] Robert N. Leali [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: (bcc: James Day/Contractor/NPS) [EMAIL PROTECTED]Subject: RE: [ActiveDir] Unlock user account in mass tivedir.org 08/06/2004 07:58 AM EST Please respond to ActiveDir Brian - If I hadnt already figured that out, youd be right J Was helping a friend at my last job undo the damage already inflicted. Thanks for all the replies that were supplied problem solved. Joes solution was the easiest and quickest, thus we used that. Robert From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Thursday, August 05, 2004 7:22 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Unlock user account in mass Don't you think that there's a bigger issue that needs to be tackled first? What is causing this? I'd make sure auditing is turned on for your domains ecurity policy and start looking at failure records on your DCs. That aside, ADModify.Net can probably do this. --Brian -Original Message- From: Robert N. Leali [mailto:[EMAIL PROTECTED] Sent: Thu 8/5/2004 3:42 PM To: [EMAIL PROTECTED] Cc: Subject: [ActiveDir] Unlock user account in mass What is the easiest way to unlock multiple user accounts in Active Directory? Random accounts locked up today and I need a way to unlock them without having to go user by user. Is there a tool or script already written? Any help would be appreciated. Robert
RE: [ActiveDir] Unlock user account in mass
Title: Kerberos question Cheer! Neener neener. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert N. LealiSent: Friday, August 06, 2004 8:59 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Unlock user account in mass Brian - If I hadnt already figured that out, youd be right J Was helping a friend at my last job undo the damage already inflicted. Thanks for all the replies that were supplied problem solved. Joes solution was the easiest and quickest, thus we used that. Robert From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian DesmondSent: Thursday, August 05, 2004 7:22 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Unlock user account in mass Don't you think that there's a bigger issue that needs to be tackled first? What is causing this? I'd make sure auditing is turned on for your domains ecurity policy and start looking at failure records on your DCs. That aside, ADModify.Net can probably do this. --Brian -Original Message- From: Robert N. Leali [mailto:[EMAIL PROTECTED] Sent: Thu 8/5/2004 3:42 PM To: [EMAIL PROTECTED] Cc: Subject: [ActiveDir] Unlock user account in mass What is the easiest way to unlock multiple user accounts in Active Directory? Random accounts locked up today and I need a way to unlock them without having to go user by user. Is there a tool or script already written? Any help would be appreciated. Robert
[ActiveDir] Unlock user account in mass
Title: Kerberos question What is the easiest way to unlock multiple user accounts in Active Directory? Random accounts locked up today and I need a way to unlock them without having to go user by user. Is there a tool or script already written? Any help would be appreciated. Robert From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick Sent: Thursday, August 05, 2004 2:02 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question I am looking that up now Rick Gasper Manager, Network Services King's College 133 N. River St Wilkes-Barre PA 18711 PH: 570-208-5845 Fax: 570-208-6072 Cell: 570-760-0335 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Thursday, August 05, 2004 3:45 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question This stands out Pre-authentication failed: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick Sent: Thursday, August 05, 2004 3:24 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question The program uses apache, I am still working with the vendor on this. This is the error from the DC: Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 675 Date: 8/5/2004 Time: 3:15:59 PM User: NT AUTHORITY\SYSTEM Computer: KINGS-DC01 Description: Pre-authentication failed: User Name: ricktest User ID: KINGS\ricktest Service Name: krbtgt/KINGS.EDU Pre-Authentication Type: 0x0 Failure Code: 0x19 Client Address: 10.1.18.48 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Rick Gasper Manager, Network Services King's College 133 N. River St Wilkes-Barre PA 18711 PH: 570-208-5845 Fax: 570-208-6072 Cell: 570-760-0335 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Thursday, August 05, 2004 2:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question There are tools to monitor kerberos conversations (capture), but I think you're likely better off using success/failure audit logging to see what's going on, what's being attempted and whereauthentication isfailing. I think the following is most likely to be helpful http://support.microsoft.com/default.aspx?kbid=326985 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick Sent: Thursday, August 05, 2004 2:41 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question Question,: is there a utility that would use Kerberos to login (Kind of like a test login utility)? We are not experiencing any problem with logins anywhere (except as mentioned).. This is the first non windows application we are deploying that uses Kerberos (outside of windows). IT does recognize a bad password as a bad password, but throws an error with the correct password is given: ERROR(1006) An error occurred in WebCT authorization. Rick Gasper Manager, Network Services King's College 133 N. River St Wilkes-Barre PA 18711 PH: 570-208-5845 Fax: 570-208-6072 Cell: 570-760-0335 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Thursday, August 05, 2004 2:00 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question So that leads to the next question then: do you have a problem going on? If so, can you give some details? Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick Sent: Thursday, August 05, 2004 11:26 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question The application is called WebCT. www.webct.com. It is a distance learning app that runs off a web server. Their documentation is some what lacking, and their support is not really that good. I do have everything set up as they request, so I was thinking that my problem is on my end. I do have a support call scheduled with them later today. I wanted to try to rule out a AD problem. Thanks Rick Gasper Manager, Network Services King's College 133 N. River St Wilkes-Barre PA 18711 PH: 570-208-5845 Fax: 570-208-6072 Cell: 570-760-0335 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Thursday, August 05, 2004 10:44 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question Sorry Rick. Thread overlap. :) Whether or not you need to make a change depends on the application. For example, if they use the operating system to handle the authentication calls, then it should work fine, right? If they do something else, they should have documented it and should tell you what is needed. What is the application saying they need to do?Which application is it out of curiosity? Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Re: [ActiveDir] Unlock user account in mass
Hi Robert I have two scripts we used a few weeks ago when we had this problem. They were written based on some of Robbie Allens scripting in his Tuna Book. (See attached file: bulkunlock3.vbs)(See attached file: collect nt usernames.vbs) Create a file on the root of drive C called ntuserlist.txt and a second file called lockedaccounts.txt. Edit both scripts to change the domain name from DOMAINNAME to whatever your domain is. Run the Collect NT usernames script - this will put up a done message box when it finishes and provide a list of all users in your domain. Run the bulkunlock3 which will read the list and unlock any locked accounts. The list of accounts that were unlocked will show up in lockedaccounts.txt while a message box will be provided with the number of accounts unlocked. Regards; James R. Day National Parks Service - AD Core Team (202) 354-1464 Fax (202) 371-1549 [EMAIL PROTECTED] Robert N. Leali [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: (bcc: James Day/Contractor/NPS) [EMAIL PROTECTED]Subject: [ActiveDir] Unlock user account in mass tivedir.org 08/05/2004 03:42 PM EST Please respond to ActiveDir What is the easiest way to unlock multiple user accounts in Active Directory? Random accounts locked up today and I need a way to unlock them without having to go user by user. Is there a tool or script already written? Any help would be appreciated. Robert From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick Sent: Thursday, August 05, 2004 2:02 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question I am looking that up now Rick Gasper Manager, Network Services King's College 133 N. River St Wilkes-Barre PA 18711 PH: 570-208-5845 Fax: 570-208-6072 Cell: 570-760-0335 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Thursday, August 05, 2004 3:45 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question This stands out Pre-authentication failed: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick Sent: Thursday, August 05, 2004 3:24 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question The program uses apache, I am still working with the vendor on this. This is the error from the DC: Event Type: Failure Audit Event Source: Security Event Category:Account Logon Event ID: 675 Date:8/5/2004 Time: 3:15:59 PM User:NT AUTHORITY\SYSTEM Computer:KINGS-DC01 Description: Pre-authentication failed: User Name: ricktest User ID: KINGS\ricktest Service Name: krbtgt/KINGS.EDU Pre-Authentication Type: 0x0 Failure Code:0x19 Client Address: 10.1.18.48 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Rick Gasper Manager, Network Services King's College 133 N. River St Wilkes-Barre PA 18711 PH: 570-208-5845 Fax: 570-208-6072 Cell: 570-760-0335 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Thursday, August 05, 2004 2:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question There are tools to monitor kerberos conversations (capture), but I think you're likely better off using success/failure audit logging to see what's going on, what's being attempted and where authentication is failing. I think
RE: [ActiveDir] Unlock user account in mass
Don't you think that there's a bigger issue that needs to be tackled first? What is causing this? I'd make sure auditing is turned on for your domains ecurity policy and start looking at failure records on your DCs. That aside, ADModify.Net can probably do this. --Brian -Original Message- From: Robert N. Leali [mailto:[EMAIL PROTECTED] Sent: Thu 8/5/2004 3:42 PM To: [EMAIL PROTECTED] Cc: Subject: [ActiveDir] Unlock user account in mass What is the easiest way to unlock multiple user accounts in Active Directory? Random accounts locked up today and I need a way to unlock them without having to go user by user. Is there a tool or script already written? Any help would be appreciated. Robert _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick Sent: Thursday, August 05, 2004 2:02 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question I am looking that up now Rick Gasper Manager, Network Services King's College 133 N. River St Wilkes-Barre PA 18711 PH: 570-208-5845 Fax: 570-208-6072 Cell: 570-760-0335 [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Thursday, August 05, 2004 3:45 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question This stands out Pre-authentication failed: _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick Sent: Thursday, August 05, 2004 3:24 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question The program uses apache, I am still working with the vendor on this. This is the error from the DC: Event Type: Failure Audit Event Source: Security Event Category:Account Logon Event ID: 675 Date:8/5/2004 Time: 3:15:59 PM User:NT AUTHORITY\SYSTEM Computer:KINGS-DC01 Description: Pre-authentication failed: User Name: ricktest User ID: KINGS\ricktest Service Name: krbtgt/KINGS.EDU Pre-Authentication Type: 0x0 Failure Code:0x19 Client Address: 10.1.18.48 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Rick Gasper Manager, Network Services King's College 133 N. River St Wilkes-Barre PA 18711 PH: 570-208-5845 Fax: 570-208-6072 Cell: 570-760-0335 [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Thursday, August 05, 2004 2:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question There are tools to monitor kerberos conversations (capture), but I think you're likely better off using success/failure audit logging to see what's going on, what's being attempted and where authentication is failing. I think the following is most likely to be helpful http://support.microsoft.com/default.aspx?kbid=326985 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick Sent: Thursday, August 05, 2004 2:41 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Kerberos question Question,: is there a utility that would use Kerberos to login (Kind of like a test login utility)? We are not experiencing any problem with logins anywhere (except as mentioned).. This is the first non windows application we are deploying that uses Kerberos (outside of windows). IT does recognize a bad password as a bad password, but throws an error with the correct password is given: ERROR(1006) An error occurred in WebCT authorization. Rick Gasper Manager, Network Services King's College 133 N. River St Wilkes-Barre PA 18711 PH: 570-208-5845 Fax: 570-208-6072 Cell: 570-760-0335 [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Thursday, August 05, 2004 2:00 PM To: [EMAIL PROTECTED] Subject: RE