User account locking out in Active Directory

We have a user being continuously locked out in Active Directory. Every time we unlock the user, after a few seconds the user gets locked out with the message "This account is currently locked out in this Active Directory Domain Controller".

Also, we noticed the user changed her password and yet is only able to log on using her old password... not sure if these are related.

Kindly help us find out why the account is being locked out.



Hi,

I had a situation like this. Check the audit logs on the domain controller and find from which IP address the user attempts to authenticate; there must be some old login which tries to log in using the old credentials.

For me, it was one of the servers where I forgot to log out :)




Is this a normal user account? Do you use this account, for example, to run some services? It is possible that this account is used in some service or application (antivirus, for example) where credentials are saved. That may lock out the account.



Does the user have a mobile device? Check passwords.
Has the user logged onto any other PCs? Did they log out / restart?
Delete cached passwords in their browser.

Definitely check the audit log on the domain controller, as this will tell you the source of the lockouts.

James



Go to the user in AD > Right click > Properties > Account > Log on to > remove the "all computers" option and select "the following computer", type her computer name and click Add > OK > Apply > OK.

Then reset her password and see if everything is OK and she is able to use the new password.

Once you confirm that is solved, go to the event ID in your DC and check for events 4740 and 6279; it will tell you which computer caused her account to be locked.

Go to that computer and remove her credentials from it. Follow the path below to see her credentials and remove them:
Control Panel\All Control Panel Items\Credential Manager
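
The audit-log check that several replies recommend, as an added example that is not part of any poster's reply: it lists event 4740 lockouts for one account with the caller computer, and counts Kerberos bad-password failures (event 4771, status 0x18) per source IP. The account name `jdoe` and the 24-hour window are placeholders, and the 4771 part assumes Kerberos authentication auditing is enabled on the domain controller.

```powershell
# Added example, not from the thread. Run elevated on a domain controller
# (ideally the PDC emulator). 'jdoe' and the 24 h window are placeholders.
param(
    [string]$User = 'jdoe',
    [int]$Hours   = 24
)

function Get-EventField {
    # Return the named <Data> fields of one event record as a hashtable.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    $fields
}

$since = (Get-Date).AddHours(-$Hours)

# 4740 = "A user account was locked out".
# In this event the TargetDomainName field carries the caller computer name.
$lockouts = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = Get-EventField $_
        if ($f.TargetUserName -eq $User) {
            [pscustomobject]@{
                Time           = $_.TimeCreated
                User           = $f.TargetUserName
                CallerComputer = $f.TargetDomainName
            }
        }
    }

# 4771 = Kerberos pre-authentication failed; Status 0x18 means wrong password.
$badPasswords = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4771; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = Get-EventField $_
        if ($f.TargetUserName -eq $User -and $f.Status -eq '0x18') {
            # IPv4 sources are logged as IPv4-mapped IPv6 (::ffff:a.b.c.d).
            [pscustomobject]@{ Time = $_.TimeCreated; SourceIp = ($f.IpAddress -replace '^::ffff:', '') }
        }
    }

$lockouts | Sort-Object Time | Format-Table -AutoSize
$badPasswords | Group-Object SourceIp | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

An empty caller computer in the 4740 output usually means the failed attempts did not come from a domain-joined Windows logon, so the source IP table is the better lead in that case.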



It sounds like the user is losing the trust with the DC. Figure out what password they want to use and reset the password in the DC.

Disconnect the network cable on the workstation. Log in (with whichever password will work).

Check to make sure which account is being used (open a CMD box and whatever the path shows is the actual user profile). Under c:\users there should be a Public, a Default and any other profiles that may have been used. If there is one for the user's profile, then you will know.

Create a temp user in the Control Panel user accounts (Administrator); you don't need a password for this.


Go into the Properties of Computer and setting - Change the User from the Domain to a work group with the same name as domain name. Restart the computer and login locally to the Windows. Try going in with the original user name - If you can't then login with the test user creds.

Once in, use a program such as Profwiz (free, open source). Run Profwiz and put in the domain name (fully qualified) and the account name, Next - choose the right profile and Next -

If you fail the migration - Check the DNS settings - They should be in the following sequence - Server IP - Router IP
Run the Program again. This should do the migration and complete - Then restart PC

Log in to the domain with your proper password (the password you set in the AD).

This restores the trust between the workstation and the DC without creating a new workstation profile.

The Profwiz program can also be used to migrate a workstation from one domain to a new domain without having to move files and reset anything but an Exchange server entry.
