Solved

User Account won't unlock after repeated attempts

Posted on 2011-02-17
7
3,744 Views
Last Modified: 2012-05-11
I have a user that had her computer tell her she is locked out, and no matter how much I try the normal "unlock" function through AD, it keeps showing as locked. She swears she isn't logged in on any other machines, too. Any thoughts?
0
Comment
Question by:biofishfreak
7 Comments
 
LVL 5

Assisted Solution

by:alreadyinuse
alreadyinuse earned 63 total points
ID: 34921580
How many domain controllers do you have? The locked attribute will replicate but somethimes it takes a few minutes or so. Also can you confirm that the account in AD is not expired instead of locked?
0
 
LVL 14

Assisted Solution

by:JAN PAKULA
JAN PAKULA earned 63 total points
ID: 34921620
check if she is not logged to any server



    NET SESSION | FIND /C "\\"
Remotely, with the help of SysInternals' PSTools:

    PSEXEC \\servername NET SESSION | FIND /C "\\"
By replacing FIND /C "\\" by FIND "\\" (removing the /C switch) you'll get a list of logged on users instead of just the number of users.

Jan ICt Tech MA CCNA

http://www.robvanderwoude.com/ntadmincommands.php#Cmd01

delete account (copy files first ) and recreate - assigning security memberships and privileges to her files
0
 
LVL 13

Assisted Solution

by:CrashDummy_MS
CrashDummy_MS earned 62 total points
ID: 34921657
It's possible that the account is getting locked out again as soon as you unlock it. Perhaps some device, service or task is set to use her credentials. Install the additional info tab and you can see when the last bad password was.
http://msforums.ph/blogs/monsalvador/archive/2007/07/04/how-to-view-additional-account-user-information-in-active-directory-windows-server-2003-and-2008.aspx
0
 
LVL 6

Assisted Solution

by:Kris Montgomery
Kris Montgomery earned 62 total points
ID: 34921849
I will agree with the last comment... To add, that 'some device' is usually their cell phone.  Make sure the correct credentials are on the phone.

Also see if any backup software is trying to run as that account automatically with incorrect credentials.

Thanks.
mug
0
 
LVL 3

Accepted Solution

by:
biofishfreak earned 0 total points
ID: 34921975
Thanks for the reply guys. I had downloaded the advanced account info tools prior to posting to EE, and that was getting the same error of not logging off. The user was logged off, so I shut the machine all the way down and the issue cleared without issue.
0
 
LVL 5

Expert Comment

by:alreadyinuse
ID: 34922522
You might also see failed logon events in the security logs on the authenticating domain controller for the account getting locked out.
0
 
LVL 3

Author Closing Comment

by:biofishfreak
ID: 35135893
Shutting down the machine while then clearing AD worked fine.
0

Join & Write a Comment

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now