Azure AD DS showing DC name instead of VM as Source Workstation

Adam Trzaskowski 1 Reputation point
2021-06-14T08:31:18.437+00:00

Hi,

I have Azure AD and AD DS deployed.
Multiple services on multiple VMs use a single account to access services. The problem is, if a single service has a bad password (for whatever reason) it causes a lockout of the admin account and blocks all other VMs. I need to be able to track the faulty VM.
My issue is that the logs do not show the "Source Workstation" being the faulty VM, but the AD DS DC that's in front of it:
105277-image.png

Is that a bug, or do I have something not set up correctly? How can I track the source of bad-password requests?

What I am doing right now is switching the VMs off and checking if the requests stop, but this is no long-term solution.

1 answer

  1. Sam Cogan 10,502 Reputation points MVP
    2021-06-14T09:14:15.76+00:00

    The correct solution to this is to use separate service accounts for each service so that you are able to identify which service is the issue. Using a single account for everything leaves you open to significant risk should that account be breached or, as you have seen here, there are password issues.

    1 person found this answer helpful.
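The following is an added example, not part of the original thread or any Microsoft tooling, showing why the answer's advice makes the faulty service traceable even when the log's Source Workstation is the domain controller. It assumes exported credential-validation audit records (the shape of Windows event 4776, where error code 0xC000006A means a wrong password); the DC names, account names, host names and the account-to-host inventory are all constructed.

```python
from collections import defaultdict

BAD_PASSWORD = "0xc000006a"  # STATUS_WRONG_PASSWORD as logged in the Error Code field
DCS = {"AADDS-DC01", "AADDS-DC02"}  # hypothetical managed-domain DC names

# Hypothetical inventory: which hosts are configured to use each account.
SHARED_OWNERS = {"svc-admin": ["vm-web", "vm-batch", "vm-report"]}
SPLIT_OWNERS = {"svc-web": ["vm-web"], "svc-batch": ["vm-batch"],
                "svc-report": ["vm-report"]}

# Constructed events; as in the question, Source Workstation is the DC.
SHARED_EVENTS = [
    {"account": "svc-admin", "source": "AADDS-DC01", "status": "0xC000006A"},
    {"account": "svc-admin", "source": "AADDS-DC02", "status": "0xC000006A"},
    {"account": "svc-admin", "source": "AADDS-DC01", "status": "0x0"},
]
SPLIT_EVENTS = [
    {"account": "svc-batch", "source": "AADDS-DC01", "status": "0xC000006A"},
    {"account": "svc-batch", "source": "AADDS-DC02", "status": "0xC000006A"},
    {"account": "svc-web", "source": "AADDS-DC01", "status": "0x0"},
]


def suspects(events, owners, dcs=DCS):
    """Map each account with bad-password events to (count, candidate hosts)."""
    counts = defaultdict(int)
    hosts = defaultdict(set)
    for ev in events:
        if ev["status"].lower() != BAD_PASSWORD:
            continue  # ignore successes and other failure codes
        acct = ev["account"].lower()
        counts[acct] += 1
        src = ev["source"].upper()
        if src and src not in dcs:
            hosts[acct].add(src.lower())  # the log names the client directly
        else:
            # Source is a DC: only the account name narrows down the origin.
            hosts[acct].update(owners.get(acct, []))
    return {a: (counts[a], sorted(hosts[a])) for a in counts}


if __name__ == "__main__":
    for label, evs, own in (("shared account", SHARED_EVENTS, SHARED_OWNERS),
                            ("per-service accounts", SPLIT_EVENTS, SPLIT_OWNERS)):
        for acct, (n, cands) in suspects(evs, own).items():
            state = "identified" if len(cands) == 1 else "ambiguous"
            print(f"{label}: {acct} failures={n} candidates={cands} ({state})")
```

With the shared account every VM remains a candidate; with one account per service the failing account alone points to a single host, and a lockout affects only that service.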