Solved

User Account won't unlock after repeated attempts

Posted on 2011-02-17
7
4,272 Views
Last Modified: 2012-05-11
I have a user that had her computer tell her she is locked out, and no matter how much I try the normal "unlock" function through AD, it keeps showing as locked. She swears she isn't logged in on any other machines, too. Any thoughts?
0
Comment
Question by:biofishfreak
7 Comments
 
LVL 5

Assisted Solution

by:alreadyinuse
alreadyinuse earned 63 total points
ID: 34921580
How many domain controllers do you have? The locked attribute will replicate but somethimes it takes a few minutes or so. Also can you confirm that the account in AD is not expired instead of locked?
0
 
LVL 14

Assisted Solution

by:JAN PAKULA
JAN PAKULA earned 63 total points
ID: 34921620
check if she is not logged to any server



    NET SESSION | FIND /C "\\"
Remotely, with the help of SysInternals' PSTools:

    PSEXEC \\servername NET SESSION | FIND /C "\\"
By replacing FIND /C "\\" by FIND "\\" (removing the /C switch) you'll get a list of logged on users instead of just the number of users.

Jan ICt Tech MA CCNA

http://www.robvanderwoude.com/ntadmincommands.php#Cmd01

delete account (copy files first ) and recreate - assigning security memberships and privileges to her files
0
 
LVL 13

Assisted Solution

by:CrashDummy_MS
CrashDummy_MS earned 62 total points
ID: 34921657
It's possible that the account is getting locked out again as soon as you unlock it. Perhaps some device, service or task is set to use her credentials. Install the additional info tab and you can see when the last bad password was.
http://msforums.ph/blogs/monsalvador/archive/2007/07/04/how-to-view-additional-account-user-information-in-active-directory-windows-server-2003-and-2008.aspx
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 6

Assisted Solution

by:Kris Montgomery
Kris Montgomery earned 62 total points
ID: 34921849
I will agree with the last comment... To add, that 'some device' is usually their cell phone.  Make sure the correct credentials are on the phone.

Also see if any backup software is trying to run as that account automatically with incorrect credentials.

Thanks.
mug
0
 
LVL 3

Accepted Solution

by:
biofishfreak earned 0 total points
ID: 34921975
Thanks for the reply guys. I had downloaded the advanced account info tools prior to posting to EE, and that was getting the same error of not logging off. The user was logged off, so I shut the machine all the way down and the issue cleared without issue.
0
 
LVL 5

Expert Comment

by:alreadyinuse
ID: 34922522
You might also see failed logon events in the security logs on the authenticating domain controller for the account getting locked out.
0
 
LVL 3

Author Closing Comment

by:biofishfreak
ID: 35135893
Shutting down the machine while then clearing AD worked fine.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question