The behavior is the same for most AD user lockouts, and it is happening on multiple accounts.
AD User locked - Cisco ISE Device
Hello Tech Nerds,
We are experiencing an issue with AD user account lockouts in our environment, where users are getting locked out and Cisco ISE is locking their user accounts. Cisco ISE is used solely for device authentication and not for user authentication. The issue begins when a user changes their password and is only happening to users working from the office, not to those working from home. Any feedback would be helpful.
Troubleshooting steps we've taken:
- Changed the password
- Cleared all credentials from Credential Manager
- Deleted the user profile
- Rebuilt the workstation
- Asked the user not to log in for 24 hours so their Kerberos ticket expires
However, the user account is still getting locked.
Windows for business | Windows Server | Directory services | Active Directory
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
2 answers
Sort by: Most helpful
-
Anonymous
2024-02-22T07:21:34+00:00 -
Anonymous
2024-02-23T07:57:06+00:00 Hello TechWorld-AI,
Thank you for posting in Microsoft Community forum.
Based on the description "Cisco ISE is locking their user accounts.", if the Cisco ISE device is indeed the lock source, please check if these user accounts logged on the Cisco ISE device in the past, if so, maybe the old user credentials are remembered on Cisco ISE device. Please check if you can try to clear the credential caches on Cisco ISE device.
After clearing the credential caches on Cisco ISE device, then check if the accounts are still locked out.
I hope you the information above is helpful.
If you have any questions or concerns, please do not hesitate to let us know.
Best Regards,
Daisy Zhou