Go Premium for a chance to win a PS4. Enter to Win

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5272
  • Last Modified:

User Account won't unlock after repeated attempts

I have a user that had her computer tell her she is locked out, and no matter how much I try the normal "unlock" function through AD, it keeps showing as locked. She swears she isn't logged in on any other machines, too. Any thoughts?
5 Solutions
How many domain controllers do you have? The locked attribute will replicate but somethimes it takes a few minutes or so. Also can you confirm that the account in AD is not expired instead of locked?
JAN PAKULACommented:
check if she is not logged to any server

    NET SESSION | FIND /C "\\"
Remotely, with the help of SysInternals' PSTools:

    PSEXEC \\servername NET SESSION | FIND /C "\\"
By replacing FIND /C "\\" by FIND "\\" (removing the /C switch) you'll get a list of logged on users instead of just the number of users.

Jan ICt Tech MA CCNA


delete account (copy files first ) and recreate - assigning security memberships and privileges to her files
It's possible that the account is getting locked out again as soon as you unlock it. Perhaps some device, service or task is set to use her credentials. Install the additional info tab and you can see when the last bad password was.
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Kris MontgomeryCommented:
I will agree with the last comment... To add, that 'some device' is usually their cell phone.  Make sure the correct credentials are on the phone.

Also see if any backup software is trying to run as that account automatically with incorrect credentials.

biofishfreakAuthor Commented:
Thanks for the reply guys. I had downloaded the advanced account info tools prior to posting to EE, and that was getting the same error of not logging off. The user was logged off, so I shut the machine all the way down and the issue cleared without issue.
You might also see failed logon events in the security logs on the authenticating domain controller for the account getting locked out.
biofishfreakAuthor Commented:
Shutting down the machine while then clearing AD worked fine.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now