Windows forgets user password (Active Directory) on unlocking, but logging on via Other User with same credentials logs in fine

Shane B 0 Reputation points


We have a strange issue that randomly affects some users, with one repeatably facing the issue. The PC is a Windows 10 Pro device attached to Active Directory (Windows Server 2016) on our LAN (the occassional one via VPN). The users will try to unlock their workstations with their AD credentials, however it will tell them their username or password is incorrect. However, if they change to Other user and enter the same username (domain\username) and password, they will unlock and login fine. This is a bit of a nuisance for the users and I'd like to try and get to the bottom of it if possible.

Does anybody have any suggestions?

Thanks in advance.



Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
9,470 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
4,321 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 26,326 Reputation points

    Hello Shane,

    Thank you for your question and for reaching out with your question today.

    This is happening because the remembered username is not including the domain. Therefore, it will not authenticate and when entered manually, it will. In order to resolve this issue you need to ensure that Windows 10 remembers not only the username, but also the domain to which it is connecting.

    1. Type gpedit.msc into Run box, Enter.
    2. Navigate to the following group policy object:

    Computer Configuration\Administrative Templates\System\Logon

    1. Find the entry "Block user from showing account details on sign-in" and "Do not enumerate connected users on domain-joined computer" and "Enumerate local users on domain-joined computers" in the right pane.
    2. Configure "Block user from showing account details on sign-in" and "Do not enumerate connected users on domain-joined computer" as "Not configured" or "Disabled".
    3. If you want to list all local user account, you can set "Enumerate local users on domain-joined computers" policy as "Enabled".

    If the reply was helpful, please don’t forget to upvote or accept as answer.

    Best regards.