none
Account lock issue

    Question

  • Hi, Last week we have transferred FSMO roles from (Win 2008 STD) Primary domain to backup domain and users were able to authenticate properly. But since 2-3 days we are facing issue like users getting error of account locked out while logging in into the system. If we check account status in Active directory, it is showing status unlocked. Then after rebooting of user's system able to login the user.

    Please guide.

    Tuesday, November 29, 2016 10:45 AM

All replies

  • Hi,

    Is there any password policy configured? If yes, please check the setting & change the lockout setting.

    Regards,

    Sarfaraz


    Sarfaraz

    Tuesday, November 29, 2016 11:02 AM
  • Please check your AD replication health in this scenario.  The command repadmin /replsum should show at a glance if you have any errors.  Then, move on to account Locked Out Troubleshooting:

    http://social.technet.microsoft.com/wiki/contents/articles/4585.account-locked-out-troubleshooting.aspx

    Using the Account Lockout and Management Tool:

    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465

    Here is a similar situation for your reference:

    Account lockout: http://social.technet.microsoft.com/Forums/windowsserver/en-US/94a7399f-7e7b-4404-9509-1e9ac08690a8/account-lockout?forum=winserverDS

    And another situation marked as an answer which gives great guidance on how to resolve account lockout problems:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/ca73c3a1-47e0-469e-af69-80a7b6db0888/active-directory-account-keeps-getting-locked-out?forum=winserverManagement

    Best Regards, Todd Heron | Active Directory Consultant

    Tuesday, November 29, 2016 11:18 AM
  • Please look at below article which summarizes the common root causes of account lockouts and do I resolve them - https://www.lepide.com/blog/what-are-the-common-root-causes-of-account-lockouts-and-do-i-resolve-them/
    Wednesday, November 30, 2016 5:44 AM
  • Hi, i tried to run account lockout tool on our PDC. I am sitting in the network of PDC. Tool shows the list of PDC and ADC. And i found that account was locked out on ADC which is in remote location which is connected to us through mpls link. So i just took remote of the ADC and unlocked the account. Can you please guide.
    Friday, December 2, 2016 11:31 AM
  • Hi,
    Guid what? Please clear more details of the requirement.
    Do you want to disable MPLS connection to domain controller? If that is the case, it might be out scope of the Directory Services forum, since it is more related network problem, I would suggest you involve network guys to see if it could be configured from network aspect.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, December 5, 2016 3:05 AM
    Moderator
  • Hi, i don't want to terminate MPLS connection. I want to sort out the issue of account locked out.

    We are having PDC in mumbai and ADC in two remote locations.  I am belonging to Mumbai location. Due to some hardware issue we transferred fsmo roles from PDC to newly created ADC in same network and remove pdc from network. Now users are able to logged in through new PDC but sometimes users are facing issue of Account Locked Out.

    So after running Account lockout tool i got to new that user accounts getting blocked in ADC which placed in remote location.

    Please guide.

    Monday, December 5, 2016 7:00 AM
  • Hi,

    After the old PDC is removed, have you cleaned up the metadata of this DC?

    Metadata cleanup is a required procedure after a forced removal of Active Directory Domain Services (AD DS). https://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    In addition, if the problem happened on some user randomly, I am afraid that manually unlocking might be the choice when account is locked out and found in the tool, as it is not easy to find out the root cause in this scenario.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, December 8, 2016 2:14 AM
    Moderator