Today I noticed that my Domain Controller had many entries in the security
log. Allot of failures but some successes. I noticed that each log entry was
from a machine called \\NTSCAN . Each log contained one username (Their
LOGIN NAME) and either failure or success. The successes I found were
accounts with the password being the same as the username (I didn't set
these users up) the failures were not. Every account in the active directory
was scanned for hours.

My problem is, how are they getting the user names from the active
directory? Exchange 2000 sp3 is installed, is that how they are getting the
user login names? How can I stop this, yes I have had the users change their
passwords to not match their username but how can I stop someone from
obtaining the user logins. I also have all the updates from windows update
and SP 4.

Please advise...