Knowledgebase:
Troubleshooting Account Locks
Posted by Blair Benjamin, Last modified by Curt Winters on 04/27/2018 1:58 PM
Background - Sometimes after a user changes their password, there are issues with repeated account locks due to the previous password presumably being cached somewhere and sending a request.  This can be very challenging to troubleshoot.   Below are some theories, resources, and steps to take to hopefully identify the source and correct it.  This wiki is a work in progress as we attempt to isolate the likely issue(s).

Use this information for persistent issues, but refer to https://ts.cairn.edu/staff/index.php?/Knowledgebase/ViewKnowledgebase/Article/383 for the ADSelfService Password Change tool at https://reset.cairn.edu


Mary Boyer and Degreecompletion2 have been known to have very persistent issues with Password changes.


Resources

Tips on tracing the source of a bad password request and account lockout in AD - https://community.spiceworks.com/how_to/48758-trace-the-source-of-a-bad-password-and-account-lockout-in-ad

Finding the log files on Windows Server - https://www.rootusers.com/where-are-windows-server-2016-log-files-stored/

Explanations of Windows Log Event IDs - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4740  (change the parameter at the end for others)

Good article w/ suggestions from another user who had a similar experience - https://community.spiceworks.com/topic/143780-account-lockouts

Tool/utility for checking an account's lockout status - https://servergeeks.wordpress.com/tag/lockoutstatus-exe/ or https://www.microsoft.com/en-us/download/details.aspx?id=18465

Another tool for examining lockouts - https://www.netwrix.com/account_lockout_examiner.html


Specific Troubleshooting Steps to Try:

1- On the suspected offending computer, go to Control Panel > Credential Manager > Windows Credentials and delete/remove stored/cached credentials
2- Check any explicit or persistent drive mappings
3- Check to see if the offending account is configured on any phone/mobile devices with the password stored

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments: