Active Directory: Troubleshooting Frequent Account Lockout

Most user accounts will get locked from local desktops and mobile devices or idle sessions on servers / workstations. We need to start account lookout troubleshooting in the below order:

1. Client side troubleshooting
2. Mobile device / BYOD
3. Server side checklist

 

Client side

Perform the below steps on client side (local desktop / laptop)

• Check If a Local User Account is present with the same Name as AD account. If same ID is available, rename local ID to some other ID.
• Clear Temporary Files
• Delete Cookies / Temp Files / History / Saved passwords / Forms from all the browsers.
• Start — > Run –> Temp –> Delete all temp files.
• Start –> Run –> Prefetch –> Delete all Prefetch files.
• Remove Mapped Drives from the computer.  My Computer –> Right click on Shared drive –> click on Disconnect
• If Adobe Reader is installed, in the back end it will be trying to check for latest update. Delete the Adobe Updater file from below path. Delete the AdobeUpdater.dll file in the folder C:\Program Files\Adobe\Reader version \Reader
• Remove stored passwords from Control Panel.
• Start –> Run –> Type Control UserPasswords2 , click on Advanced managed passwords and delete all the passwords.
• Remote unwanted applications from StartUp (Run –> msconfig –> startup –> Uncheck unwanted software)
• Scan the entire HDD and update the Antivirus agent.
• Check the third party software installed on client side. If it’s not required, uninstall.
• Open the Task Scheduler (Run --> Tasks) and delete unwanted tasks. Most of the time, Automatic Backup / Google Update / Apple Updates will be installed by default. Remove all.
• Uninstall Auto Update software’s in Control Panel. (You can update this software manually.)
• If user’s account acts as a service account, update the latest password in service.
• User’s account used as an IIS Application Pool identity.

 

Mobile Devices

Perform the below steps on mobile devices / smartphones (BYOD)

If user recently changed the password and forgot to update in mobile devices, that caused the account lockout for user ID.

Does user involved have a smartphone or some kind of mobile device using AD credentials for connecting (like exchange)? If it fails to connect three times (depending on your GPOs), it locks their account. Have a look on all their stuff using their user account automatically, especially their mobile (90% of the time).

• Go to account settings in a mobile device and update the latest password.
• Reboot the device if required.
• Is issue persists, delete and reconfigure the device,
• If you found the account is getting locked from a mobile device, and unable to fix the by performing above steps, take the necessary backup and wipe the device completely and reconfigure the device.

 

Server / Active Directory

Use below tools to find out the source of the account lockout on the server:

1. Account Lockout and Management Tool.          
2. Netwrix is also a good tool to find out account lockout.
3. Troubleshooting Account Lockouts the PSS way

 

---