
0 Votes
Gazzoo asked ·

Exchange Server and AD Authentication - Lockouts

Hi, so I may be asking a bonehead question; however, does on-prem Exchange Server 2013 or 2016 cache/store AD credentials when it attempts to authenticate back to AD? Thanks

office-exchange-server-administration

1 Vote
AndyDavid answered ·

No, the users authenticate directly with AD, so no caching on the Exchange Server.
Of course, users themselves can cache credentials on their devices.

What Exchange caches is the Forest DC Topology with the DSAccess Service:
https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/msexchangedsaccess-event-id-2080


Hi @Gazzoo ,

Agree with Andy, AD won't store these credentials. Logon credentials will be stored on browsers or Windows Credentials for OWA/Outlook client.

1 Vote
0 Votes
Gazzoo answered ·

Awesome, thanks for that answer - that's what I suspected but wasn't sure, if for some crazy reason they would be stored there besides the users' client apps.

I posted because I've been dealing with crazy account lockout issues (Exchange 2013 CU-22) as in an account being locked every 3 minutes - currently poring through posts on locating the lockout causes when all it shows is the Exchange servers in Event 4740.
I thought maybe a corrupted mailbox or something might be causing the lockouts, but I'm not an Exchange expert by any means so that may be completely ignorant.
Anyhow, it's easy when the Event 4740 points to the device, but almost impossible when the Event is only showing the lockouts coming from the 2 Exchange servers, to which I used ExMon on the Exchange servers to capture user connections.
ExMon showed me a PC, but I cleared that PC of the user's Exchange account, then ExMon only showed connections coming from "Client=MSExchangeRPC" and "none" for the Client IP address.
So now I've found some more tools I can use to possibly see more into what is causing these lockouts.
And I'm going to run some health checks.

If anyone has additional input, it is appreciated!

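Added example (not from the thread or from Microsoft): a PowerShell function that summarises Event 4740 lockouts per account and caller computer, including the average gap between lockouts, so a fixed cadence like the 3-minute one described above stands out. The function name, the account name and the server names in the sample events are constructed placeholders.

```powershell
# Added example. Input is the XML of Event 4740 records, e.g. on a domain controller:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740 } | ForEach-Object { $_.ToXml() }
function Get-LockoutSummary {
    param([Parameter(Mandatory)][string[]]$EventXml)

    $rows = foreach ($raw in $EventXml) {
        $evt  = [xml]$raw
        $data = @{}
        foreach ($d in $evt.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = [datetime]$evt.Event.System.TimeCreated.SystemTime
            Account = $data['TargetUserName']
            # In 4740 the "Caller Computer Name" is carried in TargetDomainName.
            Caller  = $data['TargetDomainName']
        }
    }

    # One row per account/caller pair, with the spacing between lockouts.
    $rows | Group-Object Account, Caller | ForEach-Object {
        $times = @($_.Group.Time | Sort-Object)
        $gaps  = @(for ($i = 1; $i -lt $times.Count; $i++) {
            ($times[$i] - $times[$i - 1]).TotalMinutes
        })
        [pscustomobject]@{
            Account       = $_.Group[0].Account
            Caller        = $_.Group[0].Caller
            Lockouts      = $times.Count
            First         = $times[0]
            Last          = $times[-1]
            AvgGapMinutes = if ($gaps.Count) { [math]::Round(($gaps | Measure-Object -Average).Average, 1) }
        }
    }
}

# Constructed sample events: placeholder account 'jdoe', placeholder servers EXCH01/EXCH02.
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4740</EventID><TimeCreated SystemTime="{0}" /></System>
  <EventData>
    <Data Name="TargetUserName">{1}</Data>
    <Data Name="TargetDomainName">{2}</Data>
  </EventData>
</Event>
'@
$sample = @(
    ($template -f '2024-01-01T10:00:00Z', 'jdoe', 'EXCH01'), ($template -f '2024-01-01T10:03:00Z', 'jdoe', 'EXCH01'),
    ($template -f '2024-01-01T10:06:00Z', 'jdoe', 'EXCH01'), ($template -f '2024-01-01T10:01:30Z', 'jdoe', 'EXCH02'),
    ($template -f '2024-01-01T10:04:30Z', 'jdoe', 'EXCH02')
)
Get-LockoutSummary -EventXml $sample | Format-Table -AutoSize
```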