Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


User gets always locked out in our Active Directory

Posted on 2012-08-30
Medium Priority
Last Modified: 2012-08-31
In our school we had to renew a few user passwords due to an IPad enrollment using the New Lion Server that now comes with a program called "Profile Manager". Profile Manager control IPads, Imacs, Ipods, Powerbooks, amongst other Apple devices. It manages those devices by pushing updates and also had a control on all Apple network (so far 800 Ipads)

We had to change some User passwords in our AD due to an IPad deployment in our school, which asks the user to renew their passwords in order to do their IPad enrolment into the Profile Manager.

The issue we have now is:

We have a user that it doesn't matter what she does or our IT Technician or the IT Admin, her password always gets locked out in our AD.

Useful Comments:

By enrolling the Ipad she gets through some profiles that automatically installs itself on the IPads. Those profiles bring an email account details that makes the IPads set their Users e-mail account in this device after they go through the enrollment procedure.

She also doesn't have any account setup on other devices apart from her Windows desktop computer. If she renew her password in Windows she have to retype this password into her Ipad where her Microsoft Exchange account is set up in order to receive emails on her Ipad, which is common nowadays.


After the enrollment, she get locked up always in our AD. It doesn't matter if we renew her password she still get on locked after restart her machine, and she gets locked up again, and again.

Would you know what is causing this issue? Do you think that our AD has also a problem in regards to her user account? Would you also give us any hints where we could look up for the solution (Microsoft Exchange?)??


Question by:mallony
LVL 84

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 800 total points
ID: 38352511
go through the event logs and see which ip address is generating the lockout and which dns server she is connecting to.. somewhere along the line there is a bad password that is causing the lockout.. remember that l's and 1's O's and 0's look almost the same.

Assisted Solution

jekautz earned 400 total points
ID: 38352514
Use Microsoft's Account Lockout Tools.  They were designed exactly for this issue.  I have used them myself on a number of networks large and small and they always help me locate the issue.


Author Comment

ID: 38353269
Thanks for the link above but that's is the tools for the old versions of Windows server (2000,2003) and we are running 2008R2.

Can you send me the link for Server 2008 R2?
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

LVL 84

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 800 total points
ID: 38353280
the same tool works for both o/s's

Expert Comment

ID: 38353473
M sure there would be a virus on your network, please check it first,  and the remove the particular Ipad, where you had tried to login in your account and then try to login.
LVL 10

Assisted Solution

by:Prashant Girennavar
Prashant Girennavar earned 400 total points
ID: 38353660
Account lockout tool won't work with windows server 2008 R2 . You have some other method for this os.

You should follow below link to understand this better.


Same discussion


Hope this helps


LVL 11

Accepted Solution

hecgomrec earned 400 total points
ID: 38354056
The Apple devices are used for emails only?

Her windows station is running Win7?

Author Closing Comment

ID: 38355554
great thanks!

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question