i am getting failed to login due to bad password in my AD. and user account getting locked by it

Aginash Mannarath 111 Reputation points
2022-10-19T09:09:50.033+00:00

i am getting failed to login due to bad password in my AD. and user account getting locked because of this this issue , we cleared credential manager, checked one drive and office apps . but issue is there.
it showing something like an attack but we coudn't find any.
i still suspicious on any app or the user may doing it. is there any way to sort this issue

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,914 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Cedric NONOGNI 161 Reputation points
    2022-10-19T13:33:46.317+00:00

    Hi @Aginash Mannarath ,

    The best way to locate the source of these bad password attempts blocking the user account is to find in the DC security event logs for events id : 4740 or 4525.
    In the event log you will have the IP address/name of the originating host.
    You will then be able to either:

    • terminate properly any stale session
    • identify were the password was saved and clear it.

    Keep in mind that the password may have been save in too many place including:
    Scheduled tasks, windows services, web browser, web applications, Windows application, network drive, etc...
    There are some good tools available for free that you can use locally on the host once it is identified to check everywhere where the password is saved.

    Hope this will be helpful.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.