User gets always locked out in our Active Directory

Posted on 2012-08-30
Last Modified: 2012-08-31
In our school we had to renew a few user passwords due to an IPad enrollment using the New Lion Server that now comes with a program called "Profile Manager". Profile Manager control IPads, Imacs, Ipods, Powerbooks, amongst other Apple devices. It manages those devices by pushing updates and also had a control on all Apple network (so far 800 Ipads)

We had to change some User passwords in our AD due to an IPad deployment in our school, which asks the user to renew their passwords in order to do their IPad enrolment into the Profile Manager.

The issue we have now is:

We have a user that it doesn't matter what she does or our IT Technician or the IT Admin, her password always gets locked out in our AD.

Useful Comments:

By enrolling the Ipad she gets through some profiles that automatically installs itself on the IPads. Those profiles bring an email account details that makes the IPads set their Users e-mail account in this device after they go through the enrollment procedure.

She also doesn't have any account setup on other devices apart from her Windows desktop computer. If she renew her password in Windows she have to retype this password into her Ipad where her Microsoft Exchange account is set up in order to receive emails on her Ipad, which is common nowadays.


After the enrollment, she get locked up always in our AD. It doesn't matter if we renew her password she still get on locked after restart her machine, and she gets locked up again, and again.

Would you know what is causing this issue? Do you think that our AD has also a problem in regards to her user account? Would you also give us any hints where we could look up for the solution (Microsoft Exchange?)??


Question by:mallony
    LVL 77

    Assisted Solution

    by:David Johnson, CD, MVP
    go through the event logs and see which ip address is generating the lockout and which dns server she is connecting to.. somewhere along the line there is a bad password that is causing the lockout.. remember that l's and 1's O's and 0's look almost the same.
    LVL 4

    Assisted Solution

    Use Microsoft's Account Lockout Tools.  They were designed exactly for this issue.  I have used them myself on a number of networks large and small and they always help me locate the issue.

    Author Comment

    Thanks for the link above but that's is the tools for the old versions of Windows server (2000,2003) and we are running 2008R2.

    Can you send me the link for Server 2008 R2?
    LVL 77

    Assisted Solution

    by:David Johnson, CD, MVP
    the same tool works for both o/s's
    LVL 3

    Expert Comment

    M sure there would be a virus on your network, please check it first,  and the remove the particular Ipad, where you had tried to login in your account and then try to login.
    LVL 10

    Assisted Solution

    by:Prashant Girennavar
    Account lockout tool won't work with windows server 2008 R2 . You have some other method for this os.

    You should follow below link to understand this better.

    Same discussion

    Hope this helps


    LVL 11

    Accepted Solution

    The Apple devices are used for emails only?

    Her windows station is running Win7?

    Author Closing Comment

    great thanks!

    Featured Post

    Are your corporate email signatures appalling?

    Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

    Join & Write a Comment

    I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
    First some basics on Windows 7 Backup.  It has 2 components one is a file based backup which is stored in .zip files each zip is split at around 200 Megabytes and there is the Image Backup which is as the name implies a total image of the partition …
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now