Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


User Account won't unlock after repeated attempts

Posted on 2011-02-17
Medium Priority
Last Modified: 2012-05-11
I have a user that had her computer tell her she is locked out, and no matter how much I try the normal "unlock" function through AD, it keeps showing as locked. She swears she isn't logged in on any other machines, too. Any thoughts?
Question by:biofishfreak
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Assisted Solution

alreadyinuse earned 252 total points
ID: 34921580
How many domain controllers do you have? The locked attribute will replicate but somethimes it takes a few minutes or so. Also can you confirm that the account in AD is not expired instead of locked?
LVL 14

Assisted Solution

JAN PAKULA earned 252 total points
ID: 34921620
check if she is not logged to any server

    NET SESSION | FIND /C "\\"
Remotely, with the help of SysInternals' PSTools:

    PSEXEC \\servername NET SESSION | FIND /C "\\"
By replacing FIND /C "\\" by FIND "\\" (removing the /C switch) you'll get a list of logged on users instead of just the number of users.

Jan ICt Tech MA CCNA

delete account (copy files first ) and recreate - assigning security memberships and privileges to her files
LVL 13

Assisted Solution

CrashDummy_MS earned 248 total points
ID: 34921657
It's possible that the account is getting locked out again as soon as you unlock it. Perhaps some device, service or task is set to use her credentials. Install the additional info tab and you can see when the last bad password was.
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.


Assisted Solution

by:Kris Montgomery
Kris Montgomery earned 248 total points
ID: 34921849
I will agree with the last comment... To add, that 'some device' is usually their cell phone.  Make sure the correct credentials are on the phone.

Also see if any backup software is trying to run as that account automatically with incorrect credentials.


Accepted Solution

biofishfreak earned 0 total points
ID: 34921975
Thanks for the reply guys. I had downloaded the advanced account info tools prior to posting to EE, and that was getting the same error of not logging off. The user was logged off, so I shut the machine all the way down and the issue cleared without issue.

Expert Comment

ID: 34922522
You might also see failed logon events in the security logs on the authenticating domain controller for the account getting locked out.

Author Closing Comment

ID: 35135893
Shutting down the machine while then clearing AD worked fine.

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question