Left column is Skyetel and right column is our pbx, this is a call from an internal extension to our external number
As you can see in the image, RTP packets stay in our pbx side, skyetel is not involved in the audio path.
Seeking for knowledge
Left column is Skyetel and right column is our pbx, this is a call from an internal extension to our external number
As you can see in the image, RTP packets stay in our pbx side, skyetel is not involved in the audio path.
@Dashrender The Synchronization service manager application logs dont show the "sync" that the azure logs show sending the disable account change, but azure does show this "sync", the Actiion Client Name is Directory Sync as well
What I cant seem to find, is where this disabled account value is coming from if AD is showing the account as active and enabled.
@scottalanmiller said in User Account getting disabled in Azure:
Could there be something automated trying to log in over and over again with a bad password?
No signint attempts during the weekend, interactive or uninterective where logged int the azure logs, but the account still kept getting disabled and enabled by sync or something.
@dbeato No signing attempts at all during the weekend, but the account is still getting disabled and enabled on its own as shown in the azure audit logs.
@dbeato Targeted?
@Romo said in User Account getting disabled in Azure:
BadLogonCount : 0
badPasswordTime : 132526283882223437
badPwdCount : 0
Shouldn't the BadLogonCount raise if bad passwords were tried?
@dbeato Imgur not working apparently couldn't load the other image.
@dbeato exported-change-not-reimported
@dbeato Here is screenshot. I dont see a sync at all in logs at 7:59 in the sync service manager. Yet the audit logs show the disable account sync at that time.
The user principal name in the activity log is showing the sync coming from the same DC, so not sure what is going on.
@jt1001001 User was disabled on 8/11/2020 originally and enabled again on 11/12/2020. The day he got re-enabled was the issues started happening
@Obsolesce here is the info
AccountExpirationDate :
accountExpires : 9223372036854775807
AccountLockoutTime :
AccountNotDelegated : False
AllowReversiblePasswordEncryption : False
AuthenticationPolicy : {}
AuthenticationPolicySilo : {}
BadLogonCount : 0
badPasswordTime : 132526283882223437
badPwdCount : 0
c : US
CannotChangePassword : False
CanonicalName : DomainName.local/SITE - Location/Location Users/USER LASTNAME
Certificates : {}
City : Location
CN : USER LASTNAME
co : United States
codePage : 0
Company :
CompoundIdentitySupported : {False}
Country : US
countryCode : 840
Created : 6/29/2020 12:05:53 PM
createTimeStamp : 6/29/2020 12:05:53 PM
Deleted :
Department :
Description : FD 8/11/2020-Enabled 11/12/2020
DisplayName : USER LASTNAME
DistinguishedName : CN=USER LASTNAME,OU=Location Users,OU=SITE - Location,DC=DomainName,DC=local
Division :
DoesNotRequirePreAuth : False
dSCorePropagationData : {12/18/2020 1:19:34 PM, 12/18/2020 1:17:50 PM, 12/18/2020 1:10:57 PM,
11/12/2020 2:31:00 PM...}
EmailAddress : [email protected]
EmployeeID :
EmployeeNumber :
Enabled : True
Fax :
GivenName : USER
HomeDirectory :
HomedirRequired : False
HomeDrive :
HomePage :
HomePhone :
Initials :
instanceType : 4
isDeleted :
KerberosEncryptionType : {None}
l : Location
LastBadPasswordAttempt : 12/16/2020 3:39:48 PM
LastKnownParent :
lastLogoff : 0
lastLogon : 132526894973219910
LastLogonDate : 12/14/2020 8:01:11 AM
lastLogonTimestamp : 132524280715790975
LockedOut : False
lockoutTime : 0
logonCount : 69
LogonWorkstations :
mail : [email protected]
Manager :
MemberOf : {REDACTED}
MNSLogonAccount : False
MobilePhone :
Modified : 12/18/2020 1:19:34 PM
modifyTimeStamp : 12/18/2020 1:19:34 PM
mS-DS-ConsistencyGuid : {32, 103, 80, 151...}
msDS-SupportedEncryptionTypes : 0
msDS-User-Account-Control-Computed : 0
msExchBypassAudit : False
msExchPreviousRecipientTypeDetails : 1
msExchRecipientSoftDeletedStatus : 0
msExchUMDtmfMap : {lastNameFirstName:2266666299355, firstNameLastName:6299355226666}
Name : USER LASTNAME
nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity
ObjectCategory : CN=Person,CN=Schema,CN=Configuration,DC=DomainName,DC=local
ObjectClass : user
ObjectGUID : 97506720-3ae7-4364-898b-e1fa734ed821
objectSid : S-1-5-21-2029862695-1482051392-3921772031-28167
Office :
OfficePhone :
Organization :
OtherName :
PasswordExpired : False
PasswordLastSet : 12/8/2020 4:48:43 PM
PasswordNeverExpires : False
PasswordNotRequired : False
POBox :
PostalCode :
PrimaryGroup : CN=Domain Users,CN=Users,DC=DomainName,DC=local
primaryGroupID : 513
PrincipalsAllowedToDelegateToAccount : {}
ProfilePath :
ProtectedFromAccidentalDeletion : False
proxyAddresses : {[email protected]}
pwdLastSet : 132519413236813439
SamAccountName : mLASTNAME
sAMAccountType : 805306368
ScriptPath :
sDRightsEffective : 15
ServicePrincipalNames : {}
showInAddressBook : {REDACTED}
SID : S-1-5-21-2029862695-1482051392-3921772031-28167
SIDHistory : {}
SmartcardLogonRequired : False
sn : LASTNAME
st : IL
State : IL
StreetAddress :
Surname : LASTNAME
Title :
TrustedForDelegation : False
TrustedToAuthForDelegation : False
UseDESKeyOnly : False
userAccountControl : 512
userCertificate : {}
UserPrincipalName : [email protected]
uSNChanged : 62837343
uSNCreated : 28616664
whenChanged : 12/18/2020 1:19:34 PM
whenCreated : 6/29/2020 12:05:53 PM