Solved

One user keeps getting locked out of his AD account forcing unlocks and password resets.

Posted on 2011-03-02
694 Views
Last Modified: 2012-05-11
I have a user who has logged 8 calls over a 4 week period reporting the following:
"can't logon, saying account is locked" - Acc is unlocked and PW reset
"Account OK for 2-3 hours but then locks again" - Acc is unlocked and PW reset
"User Account locked out" - Acc is unlocked and PW reset
etc etc
I have checked GPO to ensure nothing has been configured for the individual but I just need to know if there is anything I should be checking on the individual's account settings/profile/etc that would cause this to happen.
Question by:CTCRM
6 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 35018757
Check out the Microsoft Account Lockout Toolkit
 
LVL 5

Expert Comment

by:NotVeryFat
ID: 35018763
I'd possibly begin by reviewing the DC event logs for this user to see where the account's being locked from (what PC/ source IP address) and then seeing if it's a service/ scheduled task etc that's running as this user.

Or something web based that's cached his previous credentials and failing to refresh (ie OWA etc). Could be worth therefore clearing all his Internet password cache.
 
LVL 2

Expert Comment

by:youngstr11
ID: 35018776
Check for any scheduled tasks the user has set up with a password; it may be an old password.

Check this out. It will allow you to see the lockouts as they happen. I think you can also install something on the user's machine so you can see if they are locking themselves out.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=D1A5ED1D-CD55-4829-A189-99515B0E90F7
 
LVL 4

Accepted Solution

by:
EshuunDara earned 250 total points
ID: 35019336
When this happens in my environment, it means the user is logged in somewhere else, or someone isn't paying attention. By default, Windows remembers who logged in last; so if you log in to ComputerA as Bob, then move to ComputerB and log in there, you're fine until Susie comes by and tries to use ComputerA and just types in her password (without changing the username). The fix to that is to set group policy to not remember who logged in last.

I recommend reviewing your DCs to see where that user is logging in from.  If you're running Windows 2003 DCs I recommend using EventCombMT to find out what that user is doing.  It's a really great, easy to use tool.  If you're using Windows 2008, you'll need to manually log into each server and filter the Security log for event 4740.
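
The per-DC filter for event 4740 described in this answer can be scripted rather than done by hand. The following is an added example, not part of the original answer; it assumes the ActiveDirectory PowerShell module (RSAT), rights to read each DC's Security log, and a hypothetical account name `jdoe` with a 7-day look-back window.

```powershell
# Added example: find where lockouts (event 4740) for one account originate.
# Assumes the ActiveDirectory module and read access to DC Security logs.
Import-Module ActiveDirectory

$User  = 'jdoe'                    # hypothetical sAMAccountName
$Since = (Get-Date).AddDays(-7)    # look-back window (assumption)

# Read one named <Data> field out of the event's XML payload.
function Get-EventField {
    param($EventXml, [string]$Name)
    ($EventXml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $events = Get-WinEvent -ComputerName $dc.HostName -ErrorAction Stop -FilterHashtable @{
            LogName = 'Security'; Id = 4740; StartTime = $Since
        }
    } catch {
        # Get-WinEvent throws when nothing matches; this also covers unreachable DCs.
        Write-Warning "$($dc.HostName): $($_.Exception.Message)"
        continue
    }
    foreach ($e in $events) {
        $xml = [xml]$e.ToXml()
        if ((Get-EventField $xml 'TargetUserName') -ne $User) { continue }
        [pscustomobject]@{
            Time           = $e.TimeCreated
            DC             = $dc.HostName
            Account        = $User
            # In 4740 the TargetDomainName field carries the caller computer name.
            CallerComputer = (Get-EventField $xml 'TargetDomainName')
        }
    }
}

# Timeline of lockouts, then a count per originating machine.
$results | Sort-Object Time | Format-Table -AutoSize
$results | Group-Object CallerComputer | Sort-Object Count -Descending |
    Select-Object Count, Name
```

The machine that appears most often under `CallerComputer` is the one to inspect for the stale sessions, scheduled tasks, services or cached credentials mentioned elsewhere in this thread.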
 
LVL 1

Expert Comment

by:networkadminkjmc
ID: 35022665
This happened to me all the time. The user has logged in somewhere else and the computer is locked under that user's account.
Do a search for an app called "Locate user". This will tell you which computers the user is currently logged in on.
 
LVL 2

Author Closing Comment

by:CTCRM
ID: 35047501
Parts of this advice have helped me investigate and partially resolve the issue along with other help and advice, very much appreciated. Thanks.
