Domain administrator with several failed authentication attempts on DC

Rodrigo Catarino 0 Reputation points


We have the "administrator" domain account disabled as the best practice says.

I have 200k+ daily failed login attempts from that user from my domain controller to the same machine.

The logon service attempt is from krbtgt/MYDOMAIN but as the account is disabled the authentication fails.

How can i validate/correct this?

Kind regards,

Rodrigo Catarino

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
9,547 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
4,358 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Dave Patrick 354.3K Reputation points MVP

    Do you have a screenshot?

  2. Dave Patrick 354.3K Reputation points MVP

    There may be a better method.

    --please don't forget to upvote and Accept as answer if the reply is helpful--