RD-2886 asked DSPatrick answered

Getting _Guest account lockout from deleted AD computer

We have a Windows 10 computer (PR101) which was removed from 2012 R2 AD. I can check that this computer is present in Active Directory Admin Center under Deleted Objects.

We are using Logz.io and Logz.io is sending us _Guest account lockout information about this computer.

Any idea, from your experience, what could be the possible reason for this issue/problem? The same is happening with 5 other computers.



  • Could you please move this to the right category if this is not the place to ask this question?



windows-active-directory

DSPatrick answered

I'd ask Logz.io about the problem.

--please don't forget to upvote and Accept as answer if the reply is helpful--





RD-2886 answered

Thanks for your quick reply. I contacted LogzIO.

They are saying that "Based on the logs you are sending, the deleted computer contains that event.code 4740 which is triggering the alert sending you that email."

Is that deleted computer sitting inside Windows Admin Center generating 4740 events?

DSPatrick answered

Might want to log on to the desktop in question and check the event logs for any further clues.




RD-2886 answered

I do not want to restore this computer and, sorry, I am not getting how I can log on to a deleted computer?

DSPatrick answered

OK, it wasn't clear; deleted from Active Directory could have also meant it was disjoined from the domain and still alive somewhere. If the PC is turned off or no longer on the network then it seems the Logz.io process is sending out bogus emails. The Logz.io support people should know the process of how and where they source the information.


RD-2886 answered

The source needs to stop sending alerts/generating events.
LogzIO is sending emails/generating alerts only when event 4740 is getting generated.

My question is, how come a deleted computer sitting inside Windows Admin Centre can generate 4740 events?

DSPatrick answered

"My question is, how come a deleted computer sitting inside Windows Admin Centre can generate 4740 events?"

OK, so not clear again. Is this computer still alive and on the network?






RD-2886 answered

Thanks for getting in touch.
Computer is not alive and not connected to any Ethernet cable. But yes, the deleted object is sitting in Windows Admin Center under the deleted section.

DSPatrick answered

"Computer is not alive and not connected to any Ethernet cable."

If the Logz.io process is still sending out bogus emails then it seems pretty obvious the source of this process is either wrong, buggy, or somehow hung. We've no idea what happens inside their software. The Logz.io support people should know the process of how and where they source the information.
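
Added example, not part of the thread and not Logz.io or Microsoft code: event 4740 is written to the Security log of the machine that processes the lockout, and its Caller Computer Name field names where the failed attempts came from, so a shipped 4740 document can mention PR101 without PR101 having logged it. The triage below separates those cases and flags old records that were re-sent late. It assumes Winlogbeat-style field names (`winlog.computer_name`, `winlog.event_data.TargetDomainName` for the caller computer, `event.created` for ship time); the sample documents, `DC01`, `WS200`, `jdoe` and `example.local` are constructed.

```python
import json
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample documents, one JSON object per line (not real logs).
# Field names follow Winlogbeat's layout, an assumption about the shipper.
SAMPLE = """\
{"@timestamp":"2021-03-02T09:14:07Z","event":{"code":"4740","created":"2021-03-02T09:14:09Z"},"winlog":{"computer_name":"DC01.example.local","event_data":{"TargetUserName":"_Guest","TargetDomainName":"PR101"}}}
{"@timestamp":"2021-01-10T08:00:00Z","event":{"code":"4740","created":"2021-03-02T09:00:00Z"},"winlog":{"computer_name":"PR101.example.local","event_data":{"TargetUserName":"_Guest","TargetDomainName":"PR101"}}}
{"@timestamp":"2021-03-02T10:30:00Z","event":{"code":"4740","created":"2021-03-02T10:30:01Z"},"winlog":{"computer_name":"DC01.example.local","event_data":{"TargetUserName":"jdoe","TargetDomainName":"WS200"}}}
{"@timestamp":"2021-03-02T10:31:00Z","event":{"code":"4624","created":"2021-03-02T10:31:01Z"},"winlog":{"computer_name":"DC01.example.local","event_data":{"TargetUserName":"jdoe"}}}
"""

def _ts(value):
    # Beats write ISO 8601 timestamps with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def _short(name):
    # Compare host names without DNS suffix, case-insensitively
    return (name or "").split(".")[0].upper()

def classify(doc, suspect, max_lag=timedelta(hours=1)):
    """Return a triage record for a 4740 document, or None for other events."""
    event = doc.get("event", {})
    if str(event.get("code")) != "4740":
        return None
    win = doc.get("winlog", {})
    data = win.get("event_data", {})
    if _short(win.get("computer_name")) == _short(suspect):
        role = "logged_by_suspect"   # the suspect's own Security log held the event
    elif _short(data.get("TargetDomainName")) == _short(suspect):
        role = "named_as_caller"     # another host logged it, naming the suspect as source
    else:
        role = "other"
    # A large gap between event time and ship time means an old record was re-sent
    stale = _ts(event["created"]) - _ts(doc["@timestamp"]) > max_lag
    return {"role": role, "stale": stale, "account": data.get("TargetUserName"),
            "logged_on": win.get("computer_name")}

def summarize(lines, suspect):
    """Count 4740 documents per (role, stale) pair."""
    counts = Counter()
    for line in filter(str.strip, lines):
        rec = classify(json.loads(line), suspect)
        if rec:
            counts[(rec["role"], rec["stale"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE.splitlines(), "PR101").items()):
        print(key, n)
```

In the result, the `logged_on` value of each record shows which machine's log to open next.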




