• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3042
  • Last Modified:

User gets always locked out in our Active Directory

In our school we had to renew a few user passwords due to an IPad enrollment using the New Lion Server that now comes with a program called "Profile Manager". Profile Manager control IPads, Imacs, Ipods, Powerbooks, amongst other Apple devices. It manages those devices by pushing updates and also had a control on all Apple network (so far 800 Ipads)

We had to change some User passwords in our AD due to an IPad deployment in our school, which asks the user to renew their passwords in order to do their IPad enrolment into the Profile Manager.

The issue we have now is:

We have a user that it doesn't matter what she does or our IT Technician or the IT Admin, her password always gets locked out in our AD.

Useful Comments:

By enrolling the Ipad she gets through some profiles that automatically installs itself on the IPads. Those profiles bring an email account details that makes the IPads set their Users e-mail account in this device after they go through the enrollment procedure.

She also doesn't have any account setup on other devices apart from her Windows desktop computer. If she renew her password in Windows she have to retype this password into her Ipad where her Microsoft Exchange account is set up in order to receive emails on her Ipad, which is common nowadays.


After the enrollment, she get locked up always in our AD. It doesn't matter if we renew her password she still get on locked after restart her machine, and she gets locked up again, and again.

Would you know what is causing this issue? Do you think that our AD has also a problem in regards to her user account? Would you also give us any hints where we could look up for the solution (Microsoft Exchange?)??


5 Solutions
David Johnson, CD, MVPOwnerCommented:
go through the event logs and see which ip address is generating the lockout and which dns server she is connecting to.. somewhere along the line there is a bad password that is causing the lockout.. remember that l's and 1's O's and 0's look almost the same.
Use Microsoft's Account Lockout Tools.  They were designed exactly for this issue.  I have used them myself on a number of networks large and small and they always help me locate the issue.

mallonyIT TechnicianAuthor Commented:
Thanks for the link above but that's is the tools for the old versions of Windows server (2000,2003) and we are running 2008R2.

Can you send me the link for Server 2008 R2?
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

David Johnson, CD, MVPOwnerCommented:
the same tool works for both o/s's
M sure there would be a virus on your network, please check it first,  and the remove the particular Ipad, where you had tried to login in your account and then try to login.
Prashant GirennavarCommented:
Account lockout tool won't work with windows server 2008 R2 . You have some other method for this os.

You should follow below link to understand this better.


Same discussion


Hope this helps


The Apple devices are used for emails only?

Her windows station is running Win7?
mallonyIT TechnicianAuthor Commented:
great thanks!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now