Solved

One user keeps getting locked out of his AD account forcing unlocks and password resets.

Posted on 2011-03-02
6
697 Views
Last Modified: 2012-05-11
I have a user who has logged 8 calls over a 4 week period reporting the following:
"can't logon, saying account is locked" - Acc is unlocked and PW reset
"Account OK for 2-3 hours but then locks again" - Acc is unlocked and PW reset
"User Account locked out" - Acc is unlocked and PW reset
etc etc
I have checked GPO to ensure nothing has been configured for the individual, but I just need to know if there is anything I should be checking on the individual's account settings/profile/etc. that would cause this to happen.
0
Comment
Question by:CTCRM
6 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 35018757
Check out the Microsoft Account Lockout Toolkit
0
 
LVL 5

Expert Comment

by:NotVeryFat
ID: 35018763
I'd possibly begin by reviewing the DC event logs for this user to see where the account's being locked from (what PC/ source IP address) and then seeing if it's a service/ scheduled task etc that's running as this user.

Or something web-based that's cached his previous credentials and is failing to refresh (i.e. OWA etc.). It could therefore be worth clearing all his Internet password cache.
0
 
LVL 2

Expert Comment

by:youngstr11
ID: 35018776
Check for any scheduled tasks the user has set up with a password; it may be an old password.

Check this out. It will allow you to see the lockouts as they happen. I think you can also install something on the user's machine so you can see if they are locking themselves out.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=D1A5ED1D-CD55-4829-A189-99515B0E90F7
0
 
LVL 4

Accepted Solution

by:
EshuunDara earned 250 total points
ID: 35019336
When this happens in my environment, it means the user is logged in somewhere else, or someone isn't paying attention. By default, Windows remembers who logged in last; so if you log in to ComputerA as Bob, then move to ComputerB and log in there, you're fine until Susie comes by and tries to use ComputerA and just types in her password (without changing the username). The fix to that is to set group policy to not remember who logged in last.

I recommend reviewing your DCs to see where that user is logging in from.  If you're running Windows 2003 DCs I recommend using EventCombMT to find out what that user is doing.  It's a really great, easy to use tool.  If you're using Windows 2008, you'll need to manually log into each server and filter the Security log for event 4740.
0
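The Security-log filter for event 4740 described in the accepted answer, as an added PowerShell example that is not part of the original thread. The DC, account and workstation names (DC01, DC02, jdoe, WKS-014, MAILGW01) are constructed placeholders, and it assumes `Get-WinEvent` is available on the machine running it.

```powershell
# Added example: DC01, DC02, jdoe, WKS-014 and MAILGW01 are constructed placeholders.

# Pull 4740 (account locked out) events for one user from each DC as XML.
function Get-LockoutEventXml {
    param(
        [Parameter(Mandatory=$true)][string[]]$DomainController,
        # Restrict the name to safe characters because it is placed in the XPath below
        [Parameter(Mandatory=$true)][ValidatePattern('^[\w.\-]+$')][string]$User
    )
    $xpath = "*[System[EventID=4740] and EventData[Data[@Name='TargetUserName']='$User']]"
    foreach ($dc in $DomainController) {
        # Get-WinEvent reports "no matching events" as an error, hence SilentlyContinue
        Get-WinEvent -ComputerName $dc -LogName Security -FilterXPath $xpath `
            -ErrorAction SilentlyContinue | ForEach-Object { $_.ToXml() }
    }
}

# Turn one event's XML into an object with the fields that matter for triage.
function ConvertFrom-LockoutEvent {
    param([Parameter(Mandatory=$true)][string]$EventXml)
    $x = [xml]$EventXml
    $data = @{}
    foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    New-Object PSObject -Property @{
        Time           = $x.Event.System.TimeCreated.SystemTime
        User           = $data['TargetUserName']
        # 4740 stores the "Caller Computer Name" in the TargetDomainName field
        CallerComputer = $data['TargetDomainName']
        LoggedOn       = $x.Event.System.Computer
    }
}

# Constructed sample so the parsing can be tried without a domain controller.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$sample = 'WKS-014', 'WKS-014', 'MAILGW01' | ForEach-Object {
    "<Event xmlns='$ns'><System><EventID>4740</EventID>" +
    "<TimeCreated SystemTime='2011-03-02T09:14:07.000000000Z'/><Computer>DC01</Computer></System>" +
    "<EventData><Data Name='TargetUserName'>jdoe</Data>" +
    "<Data Name='TargetDomainName'>$_</Data></EventData></Event>"
}

# Count lockouts per calling computer; the top entry is the machine to inspect first.
$sample | ForEach-Object { ConvertFrom-LockoutEvent $_ } |
    Group-Object CallerComputer | Sort-Object Count -Descending |
    Select-Object Count, Name

# Live use: Get-LockoutEventXml -DomainController DC01,DC02 -User jdoe | ForEach-Object { ConvertFrom-LockoutEvent $_ }
```

The calling computer that appears most often is where to look for a stale scheduled task, service credential or locked session of the kind the other comments mention.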
 
LVL 1

Expert Comment

by:networkadminkjmc
ID: 35022665
This happened to me all the time. The user has logged in somewhere else and the computer is locked under that user's account.
Do a search for an app called "Locate user". This will tell you which computers the user is currently logged in on.
0
 
LVL 2

Author Closing Comment

by:CTCRM
ID: 35047501
Parts of this advice have helped me investigate and partially resolve the issue, along with other help and advice; very much appreciated. Thanks
0
