Friday, 30 October 2015

User account locks out frequently

One of my colleagues recently changed his password. Since then, his domain account keeps locking out frequently even though he enters correct password. He asked me to investigate why does this happen?

There are multiple reasons, why domain account locks out frequently. First of all, I suggest you to find out when user’s account got locked and on what Domain Controller (DC). If user logs on to more than 1 PC, it may be possible that one of the PC is still using expired password. You can use Lockout status tool offered by Microsoft. It’s free tool, CLICK HERE to download it. Using this tool, you can find out that account is locked on any particular DC. Once you’ve identified correct DC, check the event log of that DC to locate the PC name.

If user doesn’t log on to any other PC, log in to his/her PC locally or remotely. Try to locate any services or schedule task running using user’s credential. You will have to restart services or schedule task using their current login details. Also, it is worth trying to remap networks drives. It may be possible that user has mapped a drive to a resource from another PC and on that PC; he/she has modified their password.

Please check with user if he/she using any mobile devices or tablets with an embedded password which could be trying to authenticate using wrong password. 

Please leave comments in comment box if you find this article informative.

3 comments:

  1. Hi Friend, I have tried the above but doesn't work.

    What's a DC? I don't think I have more than one.

    How can I please unlock my local account?

    ReplyDelete
  2. Hi Jay,

    I am really sorry if link didn't work. I have tested it again and it is working fine. However, you can access same page by going to http://www.microsoft.com/en-us/download/details.aspx?id=15201

    DC stands for Domain Controller. It is the server where Active Directory services role is installed.

    Can you please provide more info about unlocking local account? Do you want to unlock local standard account or local admin account?

    TechieTalks Team

    ReplyDelete
    Replies
    1. Hello.

      This is wrong, DC actually stands as a name for a rather famous line of comics. Outrageous claims like this will just confuse people.

      However, this didn't work for me either. I use one account for my android, one for my BB, one for my iOS, one for my other iOs, then the second one again for my other android, the first one for my chromecast, the fourth for my roku box, but I keep a seperate one for my standard domain account and the same one but different for my shared secure admin accounts because security is my top priority.

      But they get locked out. Why?

      Delete