It’s Saturday morning and you get a call from your Salaries manager. He tell’s you that he and two other users can’t log onto the network. They type in their windows account password, hit enter and a message appearsup that they have not seen before. “Account is locked”
What runs through your mind, can it be coincidental that three users working on a Saturday,have their windows account locked for no apprent reason or is there another problem, like maybe the domain is down or even crashed. Shock, Horror, can this happen to me now, on a Saturday morning.
You quickly get up and tell your User that you will log onto the network, identify the problem and get back to him shortly.
You logon to the system and you breathe easily, cos the domain seems healthy. You then log onto the AD users and groups and check the specific users accounts. To your amazement, their acounts are fine and not locked or anything.
When a you get the message: “Security logs are full” upon loggiing onto the DC, sparks fly and you realise that the users cannot log onto the domain because the security logs are full and their logons are not audited.
So you check the security logs and you set the properties to “overwrite logs when needs”
This will delete the oldest security logs to make space for the new log events.
You ask the users to try log on again and then everything works fine.
Now you can go back to what you were doing at Saturday morning, SLEEPING.
