Domain user account always lock out the user upon initial login.

Please view this previous post.

I've exhausted all troubleshooting steps, but this user continues to get locked out. I was wondering if deleting and recreating the account will resolve the issue. Or, will it just continue to lock out. What other troubleshooting method can i try?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

A tool exists to query the DCs to see which is the one locking such that you can then look through the events to see which system is trying to authenticate the user access to a resource.
This is the quickest way to trace from the locking source (a DC) to the system that sends the failed auth request to the DC.

If you have TErminal servers, check those to see if this user has a session and terminate it if older than the password age. Then have the user check to make sure they did not save credentials for a resource in control keymgr.dll
If you trace it back to an exchange server, the user will need to check all their mobile devices current and former to make sure they did not leave the mail account on a device handed to ......
TemodyPickalbatros, IT ManagerCommented:
Please verify those values on the user PC

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
            Shell = explorer.exe

NOTE: These files may also be deleted by spywares. You may need to extract them using Windows CD.
Oh, deleting and recreating an account will not solve the problem since whatever is authenticating will continue to send the same username in the authentication attempt. Displaying this account in favor of a new username, would on the other hand address the issue.
joukiejoukAuthor Commented:
It can possibly be some persistent mapped drives. If this is the case, how can i check?
Your first step is to identify the system from which the requests with old credentials are coming from. Then you would need to check that system depending on what it is, whether the user is logged in. logging the user off after confirming with the user that this is an outdated session is one option.
If there are multiple sources for this user's requests, determining the commonality between them i.e. what services does each system provide, i.e. file servers, etc.

Depending on the user, the number of systems they might access is likely limited.

Mapped drives use the loged in user session. as you pointed out, the user tends to disconnect versus logoff such that any resources that session had on disconnect are still being periodically probed/queried. once the session is terminated/logged off, the mapped drive will use the new credentials should the user login.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.