[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

User Account won't unlock after repeated attempts

Posted on 2011-02-17
7
Medium Priority
?
5,532 Views
Last Modified: 2012-05-11
I have a user that had her computer tell her she is locked out, and no matter how much I try the normal "unlock" function through AD, it keeps showing as locked. She swears she isn't logged in on any other machines, too. Any thoughts?
0
Comment
Question by:biofishfreak
7 Comments
 
LVL 5

Assisted Solution

by:alreadyinuse
alreadyinuse earned 252 total points
ID: 34921580
How many domain controllers do you have? The locked attribute will replicate but somethimes it takes a few minutes or so. Also can you confirm that the account in AD is not expired instead of locked?
0
 
LVL 14

Assisted Solution

by:JAN PAKULA
JAN PAKULA earned 252 total points
ID: 34921620
check if she is not logged to any server



    NET SESSION | FIND /C "\\"
Remotely, with the help of SysInternals' PSTools:

    PSEXEC \\servername NET SESSION | FIND /C "\\"
By replacing FIND /C "\\" by FIND "\\" (removing the /C switch) you'll get a list of logged on users instead of just the number of users.

Jan ICt Tech MA CCNA

http://www.robvanderwoude.com/ntadmincommands.php#Cmd01

delete account (copy files first ) and recreate - assigning security memberships and privileges to her files
0
 
LVL 13

Assisted Solution

by:CrashDummy_MS
CrashDummy_MS earned 248 total points
ID: 34921657
It's possible that the account is getting locked out again as soon as you unlock it. Perhaps some device, service or task is set to use her credentials. Install the additional info tab and you can see when the last bad password was.
http://msforums.ph/blogs/monsalvador/archive/2007/07/04/how-to-view-additional-account-user-information-in-active-directory-windows-server-2003-and-2008.aspx
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
LVL 6

Assisted Solution

by:Kris Montgomery
Kris Montgomery earned 248 total points
ID: 34921849
I will agree with the last comment... To add, that 'some device' is usually their cell phone.  Make sure the correct credentials are on the phone.

Also see if any backup software is trying to run as that account automatically with incorrect credentials.

Thanks.
mug
0
 
LVL 3

Accepted Solution

by:
biofishfreak earned 0 total points
ID: 34921975
Thanks for the reply guys. I had downloaded the advanced account info tools prior to posting to EE, and that was getting the same error of not logging off. The user was logged off, so I shut the machine all the way down and the issue cleared without issue.
0
 
LVL 5

Expert Comment

by:alreadyinuse
ID: 34922522
You might also see failed logon events in the security logs on the authenticating domain controller for the account getting locked out.
0
 
LVL 3

Author Closing Comment

by:biofishfreak
ID: 35135893
Shutting down the machine while then clearing AD worked fine.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question