User Account
Lockouts:
1) Identify the user information which domain
controller user NT Account belongs to.
2) Logon
to the specific PDC server.
3) Filter
the event id 644 (User account lock info & 675 bad password info).
4) Check
if the user lockout information falls on the PDC, if user account locked out,
you can see the information in the events and it will provide the Caller
Machine Name, investigate the system which service is supplying bad password.
Typically the below reasons user
passwords are getting locked out frequently.
Users Account Lockouts:
Almost all User Account lockouts are due to a user changing their password and
then encountering issues because the old password is still in use somewhere.
- The user has been logged into another workstation or server from before the time they recently changed their password. Resolution: Logout, and then login with new password.
- The user has a Terminal Service session opened with the previous password credentials. Resolution: Logon to the indicated server and close session or use Terminal Services Manager tool.
- The user has a previously mapped a drive using the previous password credentials. Resolution: Recreate/Reset mapping with new credentials.
- The user has a service running under the context of their user account with the previous password credentials. This service could be a standard service visible via the Services tool, or a scheduled job running via an AT job or Scheduled Jobs. Resolution: Find the service and update the credentials.
- The indicated computer account has an application running that is utilizing the previous password.
When a local workstation is causing
the lockouts, it may be necessary for the end-user to login while disconnected
from the network and correct the issue. They may have to even use their
previous password to gain access to the session.
No comments:
Post a Comment