User account in Active Directory keeps locking itself out.

Posted on 2013-02-07
2,710 Views
Last Modified: 2013-02-10
I have a user whose AD account is always getting locked out continuously.  I verified that the user didn't have some sort of task scheduler running or even an Android or Smartphone trying to connect with the wrong password.  The only thing I have been able to determine is as long as the AD account is logged into the Domain the account will lock itself after a few minutes.  The user's OS is Windows 7 Pro and I also looked at the Microsoft Vault to ensure that there wasn't anything saved with the old password.

Anyone have seen this before or have suggestions?

Regards
Question by:solaadmin
9 Comments
 
LVL 17

Expert Comment

by:Tony Massa
ID: 38863640
Enable audit of security event failures on the PC (it's disabled by default)
GPEDIT.msc --> Computer Configuration --> Security Settings --> Local Policies --> Audit Policy

Enable auditing for both logon events (Success/Failure) and Account Logon Events (Success/Failure)

If you are a domain admin, you should use lockoutstatus.exe to find out which domain controller locked out the user.  Then log on to the DC and search the event logs (Security) for the user ID to see where the failed attempts are originating.  The DC event log will have the IP address of the computer sending the bad passwords (almost always the user's PC).

Then you would eventually end up back at the user's computer, where you would enable failure logging.  Check the security logs to find failed logon attempts by the user account.  You will get a process ID of the failed attempts.
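The procedure above (find the locking DC, read its Security log for the user, then follow the caller computer and process ID) as an added PowerShell example; this is not code from the thread or from lockoutstatus.exe. It assumes the RSAT ActiveDirectory module, remote event-log access to the PDC emulator and the caller workstation, and that failure auditing has been enabled on the workstation as described in the comment.

```powershell
# Added example: trace an AD lockout from the PDC emulator back to the caller computer and process.
# Assumes RSAT ActiveDirectory module and remote Security log access (not from the original thread).
param(
    [Parameter(Mandatory)] [string]$SamAccountName,
    [int]$Hours = 24
)
Import-Module ActiveDirectory
$pdc   = (Get-ADDomain).PDCEmulator      # every lockout is forwarded to the PDC emulator, so query it once
$since = (Get-Date).AddHours(-$Hours)

# Flatten the EventData section of a Security event into a Name -> value hashtable
function Get-EventData {
    param($Event)
    $data = @{}
    foreach ($d in ([xml]$Event.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    return $data
}

# Event 4740 = "A user account was locked out"; its TargetDomainName field is the caller computer name
$lockouts = Get-WinEvent -ComputerName $pdc -FilterHashtable @{LogName='Security'; Id=4740; StartTime=$since} -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventData $_
        if ($d.TargetUserName -eq $SamAccountName) {
            [pscustomobject]@{ Time = $_.TimeCreated; Caller = $d.TargetDomainName }
        }
    }

if (-not $lockouts) { Write-Host "No 4740 lockout events for $SamAccountName on $pdc in the last $Hours hours"; return }
$lockouts | Format-Table -AutoSize

# On each caller computer, event 4625 = "An account failed to log on" names the process that sent the bad credentials.
# SubStatus 0xC000006A means a wrong password; 0xC0000234 means the account was already locked out.
foreach ($caller in ($lockouts.Caller | Sort-Object -Unique)) {
    Get-WinEvent -ComputerName $caller -FilterHashtable @{LogName='Security'; Id=4625; StartTime=$since} -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = Get-EventData $_
            if ($d.TargetUserName -eq $SamAccountName) {
                [pscustomobject]@{ Time = $_.TimeCreated; Computer = $caller; ProcessId = $d.ProcessId
                                   Process = $d.ProcessName; LogonType = $d.LogonType; SubStatus = $d.SubStatus }
            }
        } | Format-Table -AutoSize
}
```

A 4740 whose caller is the user's own workstation with 4625 entries from a non-interactive process (a service, a mapped drive, a scheduled task) points at stored stale credentials on that machine rather than at the user.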
 

Author Comment

by:solaadmin
ID: 38863714
I did all of that already (great suggestion for anyone who has never done this before), it points back to the local computer and it logs a SAM error saying that I should reset the user password (which was done many times).  

This morning, I decided to use another computer and logged in with the user account and let it run for the past hour and it didn't lock his account at all.  Sooooo :) this leads me to believe then that it could be a corrupted user profile on the local computer that is causing the issue (at least I think it may be).

Do you agree or any other suggestions?
 
LVL 17

Expert Comment

by:Tony Massa
ID: 38863738
Is the AD actually locking the account, or does the local computer seem to think that the local (cached) password is different than AD?  Are there actual failed logon attempts logged by the local PC with a process ID?

Author Comment

by:solaadmin
ID: 38863753
The account in AD is actually being locked every so often (after I unlock it of course).  I didn't check the local computer Event Log (user is traveling at the moment) so I had to rely on the event logs from AD.

The new laptop that I used to test his account profile is working just fine and it has not locked his AD account once in the past hour.
 
LVL 4

Expert Comment

by:amclaughlin01
ID: 38863850
Have you tried to create a new profile on the computer for the user?  This might resolve the issue if it is something within the profile, seeing that it does not lock them out when logging into another computer.
 
LVL 17

Expert Comment

by:Tony Massa
ID: 38864044
Do they have a mobile device with an email account configured that could be locking the account?
 
LVL 24

Accepted Solution

by:
Nagendra Pratap Singh earned 2000 total points
ID: 38866682
I would rename the user profile and see if it solves the stuff.

Then I would copy the files to the new profile from the old one. Should be a 5 minute job.
 
LVL 20

Expert Comment

by:compdigit44
ID: 38873736
1) was the workstation created from a cloned image?

2) have you gone to start -> run and typed in "control userpasswords2" to ensure no user accounts or passwords are being cached?

3) on the workstation install MS Network Monitor then log into the workstation as the affected user and let the monitor run for 15 - 30 minutes. Then parse the capture for all authentication traffic and look for log on failures...
 

Author Comment

by:solaadmin
ID: 38874485
I ended up renaming the user profile, created a new one and copied the user files from the old profile.  That seemed to resolve the issue.