I've been having an issue recently with domain users who recently changed their passwords getting locked out of their computers. I've run into this issue about three times now in the past week or two, and this time, the things I tried in the past aren't working.
Previously, I've been able to reset the password on both of my local DCs, and remove / rejoin the workstation from the domain and have the user successfully log back in to their workstations. Now I have a user who is unable to log in after changing his password last week, and he's unable to log in on any of the workstations he's usually working at.
He's a local admin on the PCs he's using (he's the leader of his particular team), so I thought maybe there was some issue with Windows storing his old credentials locally and not allowing him to log in with his new password. I've tried removing the computer from the domain, deleting it in AD, and then rejoining to the domain; I've tried removing his local admin account access in User Account Management on the local box; I've had him reset his password on both of the local DCs to make sure it's not an issue of replication (since I'm not sure which DC he's authenticating to from his PC), but so far nothing has worked.
Can someone give me a hand? Is there a cause of this that I can fix to prevent it from happening to other users?