Solved

User Account won't unlock after repeated attempts

Posted on 2011-02-17
Last Modified: 2012-05-11
I have a user that had her computer tell her she is locked out, and no matter how much I try the normal "unlock" function through AD, it keeps showing as locked. She swears she isn't logged in on any other machines, too. Any thoughts?
Question by:biofishfreak
7 Comments
 
LVL 5

Assisted Solution

by:alreadyinuse
alreadyinuse earned 63 total points
ID: 34921580
How many domain controllers do you have? The locked attribute will replicate but sometimes it takes a few minutes or so. Also, can you confirm that the account in AD is not expired instead of locked?
0
 
LVL 14

Assisted Solution

by:JAN PAKULA
JAN PAKULA earned 63 total points
ID: 34921620
Check if she is not logged on to any server:

    NET SESSION | FIND /C "\\"

Remotely, with the help of SysInternals' PSTools:

    PSEXEC \\servername NET SESSION | FIND /C "\\"

By replacing FIND /C "\\" with FIND "\\" (removing the /C switch) you'll get a list of logged on users instead of just the number of users.

Jan ICt Tech MA CCNA

http://www.robvanderwoude.com/ntadmincommands.php#Cmd01

Delete account (copy files first) and recreate, assigning security memberships and privileges to her files.
0
 
LVL 13

Assisted Solution

by:CrashDummy_MS
CrashDummy_MS earned 62 total points
ID: 34921657
It's possible that the account is getting locked out again as soon as you unlock it. Perhaps some device, service or task is set to use her credentials. Install the additional info tab and you can see when the last bad password was.
http://msforums.ph/blogs/monsalvador/archive/2007/07/04/how-to-view-additional-account-user-information-in-active-directory-windows-server-2003-and-2008.aspx
0
 
LVL 6

Assisted Solution

by:Kris Montgomery
Kris Montgomery earned 62 total points
ID: 34921849
I will agree with the last comment... To add, that 'some device' is usually their cell phone.  Make sure the correct credentials are on the phone.

Also see if any backup software is trying to run as that account automatically with incorrect credentials.

Thanks.
mug
0
 
LVL 3

Accepted Solution

by:
biofishfreak earned 0 total points
ID: 34921975
Thanks for the reply guys. I had downloaded the advanced account info tools prior to posting to EE, and that was getting the same error of not logging off. The user was logged off, so I shut the machine all the way down and the issue cleared without issue.
0
 
LVL 5

Expert Comment

by:alreadyinuse
ID: 34922522
You might also see failed logon events in the security logs on the authenticating domain controller for the account getting locked out.
0
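The checks suggested in this thread (lock state on each domain controller, last bad password time, expired versus locked, and the lockout events on the DC) can be collected in one pass. The following PowerShell is an added example, not posted by any participant; it assumes the ActiveDirectory (RSAT) module, domain controllers running Windows Server 2008 or later (lockout event ID 4740), rights to read the DC Security log, and a placeholder account name `jdoe`.

```powershell
Import-Module ActiveDirectory

function Get-LockoutStatus {
    param([Parameter(Mandatory)][string]$SamAccountName)
    # Bad-password count and time are not replicated between DCs,
    # so each DC is queried directly instead of trusting one answer.
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName -Properties `
                 LockedOut, BadLogonCount, LastBadPasswordAttempt, AccountExpirationDate
            [pscustomobject]@{
                DomainController       = $dc.HostName
                LockedOut              = $u.LockedOut
                BadLogonCount          = $u.BadLogonCount
                LastBadPasswordAttempt = $u.LastBadPasswordAttempt
                AccountExpires         = $u.AccountExpirationDate  # empty = never expires
            }
        } catch {
            Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
        }
    }
}

function Get-LockoutSource {
    param([Parameter(Mandatory)][string]$SamAccountName, [int]$Hours = 24)
    # Lockouts are also recorded on the PDC emulator as event 4740.
    $pdc    = (Get-ADDomain).PDCEmulator
    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[0].Value -eq $SamAccountName } |
        Select-Object TimeCreated,
            @{ n = 'Account';        e = { $_.Properties[0].Value } },
            # Property 1 of event 4740 holds the caller computer name
            @{ n = 'CallerComputer'; e = { $_.Properties[1].Value } }
}

# 'jdoe' is a placeholder account name
Get-LockoutStatus -SamAccountName 'jdoe' | Format-Table -AutoSize
Get-LockoutSource -SamAccountName 'jdoe' | Format-Table -AutoSize
```

A `CallerComputer` value that keeps reappearing after each unlock points at the machine, phone sync server or service holding stale credentials.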
 
LVL 3

Author Closing Comment

by:biofishfreak
ID: 35135893
Shutting down the machine while then clearing AD worked fine.
0
