Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

One user keeps getting locked out of his AD account forcing unlocks and password resets.

Posted on 2011-03-02
6
Medium Priority
?
713 Views
Last Modified: 2012-05-11
I have a user who has logged 8 calls over a 4 week period reporting the following;
"can't logon, saying account is locked" - Acc is unlocked and PW reset
"Account OK for 2-3 hours but then locks again" - Acc is unlocked and PW reset
"User Account locked out" - Acc is unlocked and PW reset
etc etc
I have checked GPO to ensure nothing has been configured for the individual but I just need to know if there is anything I should be checking on the individuals account settings/profile/etc that would cause this to happen.
0
Comment
Question by:CTCRM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 35018757
Check out the Microsoft Account Lockout Toolkit
0
 
LVL 5

Expert Comment

by:NotVeryFat
ID: 35018763
I'd possibly begin by reviewing the DC event logs for this user to see where the account's being locked from (what PC/ source IP address) and then seeing if it's a service/ scheduled task etc that's running as this user.

Or something web based that's cached his previous credentials and failing to refresh (ie OWA etc). Could be worth therefore clearing all his Internet password cache.
0
 
LVL 2

Expert Comment

by:youngstr11
ID: 35018776
Check for any scheduled tasks the user has setup with a password it may be a old password.

Check this out, It will allow you to see the lockouts as they happen. I think you can also install something on the users machine so you can see if they are locking themselves out.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=D1A5ED1D-CD55-4829-A189-99515B0E90F7
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 4

Accepted Solution

by:
EshuunDara earned 750 total points
ID: 35019336
When this happens in my environment, it means the user is logged in somewhere else, or someone isn't paying attention.  By default, windows remembers who logged in last; so if you login to computerA as Bob, then move to computer B and log in there, you're fine until Susie comes by and tries to use ComputerA and just types in her password (without changing the username).  The fix to that is to set group policy to not remember who logged in last.

I recommend reviewing your DCs to see where that user is logging in from.  If you're running Windows 2003 DCs I recommend using EventCombMT to find out what that user is doing.  It's a really great, easy to use tool.  If you're using Windows 2008, you'll need to manually log into each server and filter the Security log for event 4740.
0
 
LVL 1

Expert Comment

by:networkadminkjmc
ID: 35022665
This happend to me all the time. The user has logged in somewhere else and the computer is locked under that users account.
Do a search for an app called "Locate user". This will tell you which computers the user is currently logged in on.
0
 
LVL 2

Author Closing Comment

by:CTCRM
ID: 35047501
Parts of tis advice as helped me investiate and partially esolve the issue along with other help and advice, very much appreciated. Thanks
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question