Active Directory - User account lockout after changing password

Hello all,

I have recently changed a few things in my Active Directory in order to shore up some basic security. We have one domain, running Windows 2003 servers. Everything is pretty basic with the domain. I have made three changes in the past few days. They are:

1.  Changed password complexity to 6 chars, capital, numeral, etc.
2.  Changed account lockout to duration of 3 unsuccessful attempts
3.  Changed password expiration to 30 days

After changing these settings in AD (globally), it seems that when people change their passwords (after being prompted when they log in) their accounts get locked out. This has happened to every person who has changed their password since the changes were implemented.

Does anybody have any ideas as to why this might be happening?

Thanks in advance for your help.

Americom Commented:
I don't believe this happens to all users who change their password. I believe you could have a lot of users getting locked out due to the following reasons:
1. Users do not know the requirement of a complex password.
2. Users do not usually log off their machine other than putting their laptop in standby mode, or remain logged on with the old password.
3. Notification of password change was prompted due to various reasons.
4. 3 attempts for password lockout is too low, as users may need training on what a complex password is all about.

Other possibilities are a terminal session or RDP session still logged on with the old password, and multiple machines being used could also lead to account lockout. At this point, what you can do is study the security log of your DCs to find out what machine the user account is being locked out from. Also train the users on what they need to provide when changing to a complex password. I also find that 3 attempts is not enough most of the time, even for myself, and that is the reason I always have a second account to unlock my account. A mistyped password, Caps Lock, and a misused old password account for 3 attempts, and a helpdesk ticket already needs to be opened...
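
One way to do the security-log review suggested in the answer above, as an added example that is not part of the original thread: it reads a CSV export of DC security events and, for each lockout (event 644 on Windows Server 2003), counts which machines sent the preceding bad passwords (event 680 failure audits). The CSV layout, account and machine names, timestamps and the 30-minute window are constructed assumptions.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LOCKOUT = "644"       # Windows Server 2003: user account locked out
FAILED_LOGON = "680"  # Windows Server 2003: account logon audit (failures only here)
WINDOW = timedelta(minutes=30)  # assumed look-back before each lockout

# Constructed sample export: time, event ID, account, source machine.
SAMPLE = """\
2009-03-02 06:00:00,680,mlee,WKS-022
2009-03-02 08:01:10,680,jsmith,WKS-014
2009-03-02 08:01:40,680,jsmith,TS-01
2009-03-02 08:02:05,644,jsmith,TS-01
2009-03-02 08:02:05,680,jsmith,TS-01
2009-03-02 09:10:00,680,mlee,WKS-030
2009-03-02 09:10:20,680,mlee,WKS-030
2009-03-02 09:10:40,680,mlee,WKS-030
2009-03-02 09:10:40,644,mlee,WKS-030
"""


def lockout_sources(export_text, window=WINDOW):
    """Map each locked-out account to a Counter of machines that sent bad passwords."""
    failures = defaultdict(list)  # account -> [(time, machine)]
    report = {}
    rows = [r for r in csv.reader(io.StringIO(export_text)) if r]
    # Order by time; at equal timestamps process failures before the lockout.
    for stamp, event_id, account, machine in sorted(
            rows, key=lambda r: (r[0], r[1] == LOCKOUT)):
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        account = account.lower()
        if event_id == FAILED_LOGON:
            failures[account].append((when, machine.upper()))
        elif event_id == LOCKOUT:
            recent = Counter(m for t, m in failures[account] if when - t <= window)
            report.setdefault(account, Counter()).update(recent)
            failures[account].clear()  # start fresh for the next lockout
    return report


def machines_to_check(report):
    """Flatten to (account, machine, bad_password_count), busiest source first."""
    return [(acct, m, n) for acct in sorted(report)
            for m, n in report[acct].most_common()]


if __name__ == "__main__":
    for acct, machine, n in machines_to_check(lockout_sources(SAMPLE)):
        print(f"{acct}: {n} bad password(s) from {machine}")
```

A machine that keeps sending bad passwords right after a password change is the first place to look for a session still logged on with the old password.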
Mbrowwn (Author) Commented:
Thank you for your reply Americom.  It appears that some users were logged into multiple machines, therefore locking their accounts when the password was changed.

Thanks again for all your help!
You're welcome, glad that helped.
Question has a verified solution.
