How to fix locked-out AD User repeatedly

Hello

Repeated Active Directory (AD) account lockouts can be frustrating and challenging to resolve. Here are some steps you can take to troubleshoot this issue:

Check for Cached Credentials: Cached credentials can cause repeated lockouts. Clear any cached credentials on the user’s system.

Check for Mapped Drives: Mapped drives using old credentials can cause lockouts. Ensure all mapped drives are disconnected.

Check for Scheduled Tasks: Scheduled tasks running with outdated credentials can cause lockouts.

Check for Services Running with User’s Credentials: Any services running with the user’s credentials can cause lockouts if the password has changed.

Check for Active Sync Devices: Mobile devices or other active sync devices with outdated credentials can cause lockouts.

Check for Stored Usernames and Passwords: Stored usernames and passwords can cause lockouts if they are outdated.

Check for Disconnected Terminal Server Sessions: A disconnected Terminal Server session running with outdated credentials can cause lockouts.

Check for AD Replication Issues: If there are any AD replication issues, they can cause account lockouts.

If the account continues to get locked out, it might be beneficial to use a tool like Microsoft’s Account Lockout and Management Tools to help identify the source of the lockouts.

https://www.microsoft.com/en-us/download/details.aspx?id=18465

Remember, it’s crucial to analyze and detect the root cause of an account lockout quickly so user accounts don’t remain locked out long.

You want to enable the audit logs on your domain controllers so you can review event 4740.

Here is an article with detailed steps and PS commands.

https://activedirectorypro.com/account-lockout-event-id/