0 Votes
AdamTrzaskowski-7808 asked Sam-Cogan answered

Azure AD DS showing DC name instead of VM as Source Workstation

Hi,

I have Azure AD and AD DS deployed.
Multiple services on multiple VMs use a single account to access services. The problem is, if a single service has a bad password (for whatever reason) it causes a lockout of the admin account and blocks all other VMs. I need to be able to track the faulty VM.
My issue is that the logs do not show the "Source Workstation" as the faulty VM, but as the AD DS DC that's in front of it:
105277-image.png



Is that a bug, or do I have something not set up correctly? How can I track the source of bad-password requests?

What I am doing right now is switching the VMs off and checking if the requests stop - but this is no long-term solution.

azure-ad-domain-services azure-ad-sign-in-logs

1 Answer

1 Vote
Sam-Cogan answered

The correct solution to this is to use separate service accounts for each service so that you are able to identify which service is the issue. Using a single account for everything leaves you open to significant risk should that account be breached or, as you have seen here, there are password issues.

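The following is an added example, not part of the original question or answer: it shows how repeated sign-in failures can be attributed to a service by account name once each service has its own account, even when the source workstation field only names a domain controller. The event columns, account names, host names, inventory mapping and threshold are all constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample of failed sign-in events; column names are assumptions.
SAMPLE_EVENTS = """time,account,source_workstation
2021-06-14T09:00:01Z,svc-shared,AADDS-DC01
2021-06-14T09:00:31Z,svc-shared,AADDS-DC01
2021-06-14T09:01:02Z,svc-billing,AADDS-DC01
2021-06-14T09:01:04Z,svc-shared,AADDS-DC02
2021-06-14T09:01:32Z,svc-billing,AADDS-DC01
2021-06-14T09:02:02Z,svc-billing,AADDS-DC02
2021-06-14T09:02:10Z,svc-shared,AADDS-DC01
2021-06-14T09:03:00Z,svc-reports,AADDS-DC01
"""

# Hypothetical inventory: one account per service, mapped to (service, VM).
ACCOUNT_OWNERS = {
    "svc-billing": ("billing-api", "vm-app-01"),
    "svc-reports": ("report-runner", "vm-app-02"),
}
DOMAIN_CONTROLLERS = {"AADDS-DC01", "AADDS-DC02"}


def attribute_failures(events_csv, owners, dcs, threshold=3):
    """Attribute repeated sign-in failures to a service and VM where possible."""
    counts, sources = Counter(), {}
    for row in csv.DictReader(io.StringIO(events_csv)):
        account = row["account"].strip().lower()
        counts[account] += 1
        sources.setdefault(account, set()).add(row["source_workstation"].strip().upper())
    findings = []
    for account, failures in counts.most_common():
        if failures < threshold:
            continue  # a single failure is noise, not a lockout candidate
        if account in owners:
            # Dedicated account: the account name alone identifies the culprit.
            service, vm = owners[account]
        else:
            # Shared account: only the source field can help, and it is
            # useless when every value is a domain controller.
            service = None
            real_hosts = sorted(sources[account] - dcs)
            vm = real_hosts[0] if len(real_hosts) == 1 else None
        findings.append({"account": account, "failures": failures,
                         "service": service, "vm": vm})
    return findings


if __name__ == "__main__":
    for finding in attribute_failures(SAMPLE_EVENTS, ACCOUNT_OWNERS, DOMAIN_CONTROLLERS):
        print(finding)
```

In the constructed data the shared account comes back with no service or VM, while the dedicated account resolves directly to its owner.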