How to fix a repeatedly locked-out AD user

Jonathan Jeremia 5 Reputation points
2023-10-30T01:18:55.9433333+00:00

Hello all. I have a question. I have checked the proxy, checked Windows Credential Manager, reconnected the work or school account, and disconnected mapped drives for the locked-out AD user. But the account is still locked out. How do I fix a repeatedly locked-out AD user? Thanks in advance.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other

2 answers

  1. Wesley Li-MSFT 4,576 Reputation points Microsoft External Staff
    2023-11-08T07:20:44.7133333+00:00

    Hello

    Repeated Active Directory (AD) account lockouts can be frustrating and challenging to resolve. Here are some steps you can take to troubleshoot this issue:

    Check for Cached Credentials: Cached credentials can cause repeated lockouts. Clear any cached credentials on the user’s system.

    Check for Mapped Drives: Mapped drives using old credentials can cause lockouts. Ensure all mapped drives are disconnected.

    Check for Scheduled Tasks: Scheduled tasks running with outdated credentials can cause lockouts.

    Check for Services Running with User’s Credentials: Any services running with the user’s credentials can cause lockouts if the password has changed.

    Check for Active Sync Devices: Mobile devices or other active sync devices with outdated credentials can cause lockouts.

    Check for Stored Usernames and Passwords: Stored usernames and passwords can cause lockouts if they are outdated.

    Check for Disconnected Terminal Server Sessions: A disconnected Terminal Server session running with outdated credentials can cause lockouts.

    Check for AD Replication Issues: If there are any AD replication issues, they can cause account lockouts.

    If the account continues to get locked out, it might be beneficial to use a tool like Microsoft’s Account Lockout and Management Tools to help identify the source of the lockouts.

    https://www.microsoft.com/en-us/download/details.aspx?id=18465

    Remember, it’s crucial to analyze and detect the root cause of an account lockout quickly so user accounts don’t remain locked out long.

    1 person found this answer helpful.

  2. Matt roberts 5 Reputation points
    2023-11-08T14:41:32.2566667+00:00

    You want to enable the audit logs on your domain controllers so you can review event 4740.

    Here is an article with detailed steps and PS commands.

    https://activedirectorypro.com/account-lockout-event-id/
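
The following is an added example, not part of either answer or the linked article: one way to review event 4740 and see which computer the lockouts come from, which narrows down where to look for the stale credentials listed in the first answer. It assumes the ActiveDirectory PowerShell module is installed and that you can read the Security log on the domain controller; the account name `jdoe` and the 24-hour window are placeholders.

```powershell
# Added example. $User and $Hours are placeholder values to adjust.
param(
    [string]$User  = 'jdoe',   # sAMAccountName of the locked-out account (placeholder)
    [int]   $Hours = 24        # how far back to search
)

Import-Module ActiveDirectory

# Lockouts are processed on the PDC emulator, so search its Security log first.
$pdc = (Get-ADDomain).PDCEmulator

# Event 4740 is only written when "User Account Management" auditing logs Success.
# Check on the DC with:  auditpol /get /subcategory:"User Account Management"
$filter = @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = (Get-Date).AddHours(-$Hours)
}
$events = Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue

$lockouts = foreach ($e in $events) {
    # Read the event fields by name from the XML instead of by position.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    if ($data['TargetUserName'] -eq $User) {
        [pscustomobject]@{
            Time           = $e.TimeCreated
            Account        = $data['TargetUserName']
            # In event 4740 the "Caller Computer Name" is stored in TargetDomainName.
            CallerComputer = $data['TargetDomainName']
        }
    }
}

if (-not $lockouts) {
    Write-Warning "No 4740 events for '$User' on $pdc in the last $Hours hours. Check that auditing is enabled and that you can read the Security log."
} else {
    # One row per source computer: how often it caused a lockout and when it last did.
    $lockouts | Group-Object CallerComputer | Sort-Object Count -Descending |
        Select-Object Count,
            @{ n = 'CallerComputer'; e = { $_.Name } },
            @{ n = 'LastLockout';    e = { ($_.Group | Sort-Object Time | Select-Object -Last 1).Time } }
}
```

The computer with the highest count is the first place to check for the cached credentials, mapped drives, scheduled tasks, services and disconnected sessions described in the first answer.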

