Solved

One user keeps getting locked out of his AD account forcing unlocks and password resets.

Posted on 2011-03-02
6
698 Views
Last Modified: 2012-05-11
I have a user who has logged 8 calls over a 4 week period reporting the following;
"can't logon, saying account is locked" - Acc is unlocked and PW reset
"Account OK for 2-3 hours but then locks again" - Acc is unlocked and PW reset
"User Account locked out" - Acc is unlocked and PW reset
etc etc
I have checked GPO to ensure nothing has been configured for the individual but I just need to know if there is anything I should be checking on the individuals account settings/profile/etc that would cause this to happen.
0
Comment
Question by:CTCRM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 35018757
Check out the Microsoft Account Lockout Toolkit
0
 
LVL 5

Expert Comment

by:NotVeryFat
ID: 35018763
I'd possibly begin by reviewing the DC event logs for this user to see where the account's being locked from (what PC/ source IP address) and then seeing if it's a service/ scheduled task etc that's running as this user.

Or something web based that's cached his previous credentials and failing to refresh (ie OWA etc). Could be worth therefore clearing all his Internet password cache.
0
 
LVL 2

Expert Comment

by:youngstr11
ID: 35018776
Check for any scheduled tasks the user has setup with a password it may be a old password.

Check this out, It will allow you to see the lockouts as they happen. I think you can also install something on the users machine so you can see if they are locking themselves out.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=D1A5ED1D-CD55-4829-A189-99515B0E90F7
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 4

Accepted Solution

by:
EshuunDara earned 250 total points
ID: 35019336
When this happens in my environment, it means the user is logged in somewhere else, or someone isn't paying attention.  By default, windows remembers who logged in last; so if you login to computerA as Bob, then move to computer B and log in there, you're fine until Susie comes by and tries to use ComputerA and just types in her password (without changing the username).  The fix to that is to set group policy to not remember who logged in last.

I recommend reviewing your DCs to see where that user is logging in from.  If you're running Windows 2003 DCs I recommend using EventCombMT to find out what that user is doing.  It's a really great, easy to use tool.  If you're using Windows 2008, you'll need to manually log into each server and filter the Security log for event 4740.
0
 
LVL 1

Expert Comment

by:networkadminkjmc
ID: 35022665
This happend to me all the time. The user has logged in somewhere else and the computer is locked under that users account.
Do a search for an app called "Locate user". This will tell you which computers the user is currently logged in on.
0
 
LVL 2

Author Closing Comment

by:CTCRM
ID: 35047501
Parts of tis advice as helped me investiate and partially esolve the issue along with other help and advice, very much appreciated. Thanks
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question