Very Unusual User Account Lock Problem

I have a user who has been experiencing problem with an active directory user account keep locking out for the past several weeks. When the user tries to log on in the morning, he encounter an error message reading “Referenced account is currently locked out and may not be logged onto” after putting in the username and password for the first time. When the helpdesk unlock the account the user is able to get on for a while and the problem seems temporarily fixed. But after about an hour or so, email and internet will prompt the user for a password and basically locked out of the account even though the user is logged into it. This issue happens several times per day. The account looks fine in AD. Any ideas why this might be happening?
mjmksmAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steven CarnahanNetwork ManagerCommented:
There are probably any number of reasons. It sounds like there is something running on the system using credentials prior to a password change. For example, if they have a scheduled task or a hard coded drive mapping or a backup program.
Brian PiercePhotographerCommented:
Check that a service, scheduled task is not running with the users account, and that no share is being accesses with an old password.
This usually happens after the user has changed a password and service/task/share is set to use the old credentials.

These tools can help to resolve the issue http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
arnoldCommented:
The quickest one to check is whether the user has recently changed their password while at the same time, the user has a mapped drive where the user stored the old password for credentials.
control keymgr.dll
This will show whether the user has stored a password to a resource that might no longer be valid.

as KCTS pointed out, the tool provide you with a way to determine the source of the authentication requests that lead to the lockout.  I.e. a user has a terminal session on a terminal server that was established prior to the recent password change.  A user has a logged in session on another computer that has a mapped drive etc.

Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

athomsfereCommented:
Things that help me:

1 make sure the user is not logged into any other machines.
2 Make sure the user does not have any stored passwords
     start - run -> user controlpasswords2 -> advanced tab -> Manage passwords -> Clear any passwords here
3) Check the security events in the Computer Management MMC on the client and DC for invalid hits
4) Check Shared drive servers for connections from that machine (You may see additional PCs the user does not know they are logged into)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mjmksmAuthor Commented:
Thanks to everyone for the quick response. I'll work with the suggested solutions posted and provide a feedback.
mjmksmAuthor Commented:
User was logged on to multiple PCs. After clearing from the workstations, everything is fine now. Thanks to everyone for their help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.