Rick_Penney

AD accounts locking out after UPN changed

Hi. We have 3 sites with 2 DCs at each site. (Same Domain)
Our users log in with their SAM account. Domain\JBloggs
Yesterday, in preparation for migrating to Office 365, we changed the users' UPN from JBloggs@domainname.local to joe.bloggs@domainname.net, although the users still log in with their SAM Account Domain\JBloggs

(Our email for the moment is still hosted by another company).


 Since we made the change, approx 10% of our users across the 3 sites experience their accounts locking out after inactivity and their device has got back to the login screen.

When attempting to log in, they get the error “The referenced account is currently locked and may not be logged on to”.

If the user reboots their device, they are able to log back in with the same password.

Or they can log back in once I have reset their password. A few users however are getting repeat occurrences of this.


Could it be saved email credentials in Windows Credential Manager even though they are using the SAM Account? The hosted Exchange passwords are currently different to the AD Account. I did clear out the email entries in one user's Control Panel > Credential Manager, however their PC experienced the problem again; not sure if they needed to reboot first?


Any ideas please.
Regards
Rick

Arana (G.P.)

Do the users run any other service/app at login that might be trying to use the wrong credentials and locking the files?
Perhaps you have an app that specifically uses the old UPN?
Rick_Penney (ASKER)

Hi Guys
Many thanks for your posts, I will have a look on Monday when I'm back on site, however nothing immediately springs to mind.
Is there an easy way of checking for any apps/services that use the UPN? I can't see any Audit failures on the DCs that are from the users that are locking out.
The odd thing is that if they reboot, they can log back in with the same password, although this may have just coincided with the lockout timer reset?
I will gather some AD Failure logs from a couple of devices and post on Monday.
I will also change the users' AD password to match their Email Exchange password as some of them do save their email passwords.
Regards
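
One way to check from the DC side which machine is sending the bad credentials, as an added example that is not part of the original thread: it reads lockout event 4740 from the PDC emulator and failure events 4771/4776 from every DC, matching the SAM name and both UPN forms quoted in the question. The look-back window and the helper function names are assumptions.

```powershell
# Added example. Assumes the ActiveDirectory RSAT module, read access to the DCs'
# Security logs, and that account-management / logon-failure auditing is enabled.
Import-Module ActiveDirectory

# Names one account can present after the UPN change (sample values from the question)
$Names = 'JBloggs', 'JBloggs@domainname.local', 'joe.bloggs@domainname.net'
$Since = (Get-Date).AddDays(-2)          # look-back window (assumption)

function Get-EventFields($Record) {
    # Flatten <EventData><Data Name="..."> elements into a name/value hashtable
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    $fields
}

function Get-AccountEvents($Server, [int[]]$Ids) {
    Get-WinEvent -ComputerName $Server -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = $Ids; StartTime = $Since } |
      ForEach-Object {
        $f = Get-EventFields $_
        if ($Names -contains $f.TargetUserName) {
            # Source field differs per event: 4740 keeps the caller computer in
            # TargetDomainName, 4771 has IpAddress, 4776 has Workstation.
            $source = switch ($_.Id) { 4740 { $f.TargetDomainName }
                                       4771 { $f.IpAddress }
                                       4776 { $f.Workstation } }
            [pscustomobject]@{ Time = $_.TimeCreated; DC = $Server; EventId = $_.Id
                               Name = $f.TargetUserName; Source = $source; Status = $f.Status }
        }
      }
}

# 4740 (account locked out): read from the PDC emulator.
$results = @(Get-AccountEvents (Get-ADDomain).PDCEmulator 4740)

# 4771 (Kerberos pre-authentication failed) and 4776 (NTLM credential validation)
# are written only by the DC that handled the attempt, so query every DC.
# Status 0x18 (4771) and 0xC000006A (4776) mean a wrong password; 0x0 on 4776 is a success.
foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    $results += @(Get-AccountEvents $dc 4771, 4776)
}

$results | Sort-Object Time | Format-Table -AutoSize
```

A Source value that repeats across the failure rows is the machine to inspect for stored credentials, mapped drives, services or scheduled tasks running under that account.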