Account lockout issues for a user in Active Directory

Anonymous
2024-01-21T07:15:05+00:00

I have a user in Active Directory whose account is getting locked frequently; even if I try unlocking it, it gets locked again within a few secs. I have asked the user to remove cache/browser history/older saved passwords from the browser too, but the user still can't get into the account. Also, I have tried a password reset too, still no luck. Is there anything I could check further on the issue? I could not get any logs in Active Directory to check from where exactly the lockouts are coming.

Windows Server Identity and access Active Directory

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


1 answer

  1. Anonymous
    2024-01-22T02:24:20+00:00

    Hello SR_191,

    Thank you for posting in Microsoft Community.

    Based on the description, I understand you have one AD user locked out frequently.

    Have you made any changes before the user account was locked out?

    For example,

    Did you install any KB on any DC or on any domain-joined machines?
    Or make any GPO setting related to cipher suites or TLS/SSL?
    Or change their AD account passwords recently?

    Please check whether you can see event ID 4771 (Kerberos authentication) followed by event ID 4740 related to this domain account, or event ID 4776 (NTLM authentication) followed by event ID 4740 related to this domain account, in the Security logs on any Domain Controller.

    Can you see which machine locks the user account via 4771 and 4740 or 4776 and 4740? If so, log on to the machine that locked out this account to try to check the reason.

    • Check Credential Management to see if the user's old credentials are cached (Control Panel)

    • Check whether the network disk is mounted with the wrong password

    • Check if the user started a service with the wrong password, runs scheduled tasks, etc.

    • Are there other third-party programs that cache incorrect passwords for users?
    • Other apps or programs that remembered or cached the wrong credential for users.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,
    Daisy Zhou

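The event check described in the answer above, as an added example that is not part of the original thread: it pulls events 4740, 4771 and 4776 for one account from the Security log of every Domain Controller and shows the source machine or address for each. The function name `Get-LockoutTrail` and the account `jdoe` are hypothetical; it assumes the ActiveDirectory (RSAT) module, rights to read the Security log remotely, and that the relevant audit policies are enabled.

```powershell
# Added example, not from the original thread. 'jdoe' is a placeholder account.
function Get-LockoutTrail {
    param(
        # Quotes are rejected so the name cannot break out of the XPath filter.
        [Parameter(Mandatory)] [ValidatePattern("^[^'`"]+$")] [string] $SamAccountName,
        [ValidateRange(1, 168)] [int] $Hours = 24
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    [long] $ms = $Hours * 3600 * 1000
    # Filtering happens on the DC. The name comparison is case-sensitive,
    # so pass the account name exactly as it is logged.
    $xpath = "*[System[(EventID=4740 or EventID=4771 or EventID=4776) and " +
             "TimeCreated[timediff(@SystemTime) <= $ms]]] and " +
             "*[EventData[Data[@Name='TargetUserName']='$SamAccountName']]"

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $events = Get-WinEvent -ComputerName $dc.HostName -LogName Security `
                                   -FilterXPath $xpath -ErrorAction Stop
        } catch {
            # "No matching events" is a normal outcome for a DC; anything else is reported.
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                Write-Warning "$($dc.HostName): $($_.Exception.Message)"
            }
            continue
        }
        foreach ($e in $events) {
            # Read EventData by field name rather than by position.
            $d = @{}
            foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            $source = switch ($e.Id) {
                4740 { $d['TargetDomainName'] }  # holds the caller computer name
                4771 { $d['IpAddress'] }         # client address of the failed pre-auth
                4776 { $d['Workstation'] }       # source workstation of the NTLM attempt
            }
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                DC          = $dc.HostName
                EventId     = $e.Id
                Source      = $source
                Status      = $d['Status']       # e.g. 0x18 (4771) / 0xC000006A (4776): bad password
            }
        }
    }
}

Get-LockoutTrail -SamAccountName 'jdoe' -Hours 4 | Sort-Object TimeCreated | Format-Table -AutoSize
```

The `Source` value on the rows just before each 4740 entry is the machine to log on to and inspect for the cached credentials listed in the answer.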