Solved

One user keeps getting locked out of his AD account forcing unlocks and password resets.

Posted on 2011-03-02
6
695 Views
Last Modified: 2012-05-11
I have a user who has logged 8 calls over a 4 week period reporting the following;
"can't logon, saying account is locked" - Acc is unlocked and PW reset
"Account OK for 2-3 hours but then locks again" - Acc is unlocked and PW reset
"User Account locked out" - Acc is unlocked and PW reset
etc etc
I have checked GPO to ensure nothing has been configured for the individual but I just need to know if there is anything I should be checking on the individuals account settings/profile/etc that would cause this to happen.
0
Comment
Question by:CTCRM
6 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 35018757
Check out the Microsoft Account Lockout Toolkit
0
 
LVL 5

Expert Comment

by:NotVeryFat
ID: 35018763
I'd possibly begin by reviewing the DC event logs for this user to see where the account's being locked from (what PC/ source IP address) and then seeing if it's a service/ scheduled task etc that's running as this user.

Or something web based that's cached his previous credentials and failing to refresh (ie OWA etc). Could be worth therefore clearing all his Internet password cache.
0
 
LVL 2

Expert Comment

by:youngstr11
ID: 35018776
Check for any scheduled tasks the user has setup with a password it may be a old password.

Check this out, It will allow you to see the lockouts as they happen. I think you can also install something on the users machine so you can see if they are locking themselves out.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=D1A5ED1D-CD55-4829-A189-99515B0E90F7
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 4

Accepted Solution

by:
EshuunDara earned 250 total points
ID: 35019336
When this happens in my environment, it means the user is logged in somewhere else, or someone isn't paying attention.  By default, windows remembers who logged in last; so if you login to computerA as Bob, then move to computer B and log in there, you're fine until Susie comes by and tries to use ComputerA and just types in her password (without changing the username).  The fix to that is to set group policy to not remember who logged in last.

I recommend reviewing your DCs to see where that user is logging in from.  If you're running Windows 2003 DCs I recommend using EventCombMT to find out what that user is doing.  It's a really great, easy to use tool.  If you're using Windows 2008, you'll need to manually log into each server and filter the Security log for event 4740.
0
 
LVL 1

Expert Comment

by:networkadminkjmc
ID: 35022665
This happend to me all the time. The user has logged in somewhere else and the computer is locked under that users account.
Do a search for an app called "Locate user". This will tell you which computers the user is currently logged in on.
0
 
LVL 2

Author Closing Comment

by:CTCRM
ID: 35047501
Parts of tis advice as helped me investiate and partially esolve the issue along with other help and advice, very much appreciated. Thanks
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
active directory 1 37
simple AD powershell script 8 76
Question about Authentication Domain 6 68
edit user account 1 29
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now