Disabled Account Gets Locked Out

Question
-
We have an AD account that is disabled and has been for weeks. We also have an account lockout policy. Today there were bad password attempts logged and then the account was locked out. My question is how does a disabled account get locked out? We have tried to recreate this scenario by logging into the same disabled account with bad passwords to trigger the account lockout but all we see in the event log are logon failures because the account is disabled. Under what circumstances would bad password attempts on a disabled account trigger an account lockout then?
Wednesday, June 21, 2017 3:03 AM
Answers
-
Hi
Also, these are possibilities for the lockout issue:
- Mapped network drives
- Logon scripts that map network drives
- RunAs shortcuts
- Accounts that are used for service account logons
- Processes on the client computers
- Programs that may pass user credentials to a centralized network program or middle-tier application layer
- Active sync devices (cell phone, etc.)
So you should check these possibilities.
This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur
- Proposed as answer by AnveedBanned Wednesday, June 21, 2017 6:55 AM
- Marked as answer by Hamid Sadeghpour SalehMVP Wednesday, September 25, 2019 8:03 AM
Wednesday, June 21, 2017 6:21 AM
All replies
-
Is it a normal account or a guest account?
What specific event ID are you getting on the DC?
Also check the account lockout policy for the users whose accounts are being locked out. Check each and every item in the GPO object which might cause the account lockout issue.
For more, refer to the KB article: http://technet.microsoft.com/en-us/library/cc773155(WS.10).aspx
Identify the source of Account Lockouts in Active Directory:
https://www.lepide.com/how-to/identify-the-source-of-account-lockouts-in-active-directory.html
Troubleshooting account lockout the Microsoft PSS way:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
Please find the link below for more details about disabling an account and account lockout:
http://www.windows-active-directory.com/difference-between-disabled-expired-and-locked-account.html
Hope this helps!
Solutions for Active Directory to audit, monitor and manage.
- Proposed as answer by AnveedBanned Wednesday, June 21, 2017 6:55 AM
Wednesday, June 21, 2017 6:42 AM -
Hi,
<<<My question is how does a disabled account get locked out? >>>
Please check if the problematic account is a guest account.
Similar thread for your reference:
Best Regards,
Alvin Wang
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Wednesday, June 21, 2017 7:08 AM -
The account is a user account - NOT guest. I understand the reasons an account locks out, and account lockout is functioning correctly in the environment. If I log into an account in our environment with bad passwords 3 times, it locks out as it should. What I am saying is if I log into this disabled account with a bad password 3 times, all I see is "the account is disabled" in the event log. It does not lock out the disabled account. Yet this account did lock out at some point yesterday. Can anyone explain this behavior? If you disable a standard user account in your environment, and then attempt to log in with a lockout policy enabled, do you see the account lockout or do you just see event log messages that the logon failed because the account is disabled?
Wednesday, June 21, 2017 11:52 AM
-
Hi,
Disable and lockout are two separate functions. Even though the account is disabled it still will look at attempts to sign in and if it matches the number of failures set to lockout then it will lock out the account.
Best Regards,
Alvin Wang
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Friday, June 23, 2017 1:53 AM -
<<<Can anyone explain this behavior? If you disable a standard user account in your environment, and then attempt to login with a lockout policy enabled do you see the account lockout or do you just see event log messages that the logon failed because the account is disabled? >>>
As mentioned, if the account is already configured on a cell phone, shared drive, etc., maybe it will still try to authenticate with this disabled account, so if you delete this account, none of these things will try to authenticate with the account.
This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur
Friday, June 23, 2017 7:47 AM -
Hi,
Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
Best Regards,
Alvin Wang
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Wednesday, June 28, 2017 8:57 AM -
This is not true. I have tested it. When an account is disabled, no bad password attempts are recorded. No lockouts are processed. After the account is disabled, the TGT tickets out there have a 10-hour period where they expire. Once they have done that, no access is given. If you try to log on to a domain with that account using bad passwords, no lockouts will generate.
Monday, September 9, 2019 6:20 PM
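
Editor's added example, not written by any participant in this thread: one way to see which failures a domain controller actually recorded for an account is to line up events 4740, 4771, 4776 and 4625 and decode their failure codes, which separate "bad password" from "account disabled" and name the originating host. The function name, the account `jdoe`, the host names and the sample records are assumptions constructed for illustration; live use assumes the corresponding audit policies are enabled.

```powershell
# Added example, not from the thread. Failure codes are the documented values for
# events 4771 (Kerberos pre-auth), 4776 (NTLM validation) and 4625 (failed logon).
$FailureMeaning = @{
    '0x18'       = 'Kerberos: bad password'
    '0x12'       = 'Kerberos: account disabled, expired or locked out'
    '0xc000006a' = 'NTLM: bad password'
    '0xc0000072' = 'NTLM: account disabled'
    '0xc0000234' = 'NTLM: account locked out'
}
function ConvertTo-AuthFailure {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string] $EventXml,
        [Parameter(Mandatory)] [string] $UserName   # sAMAccountName to trace
    )
    process {
        $evt  = ([xml]$EventXml).Event
        $data = @{}   # flatten <Data Name="x">value</Data> pairs
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['TargetUserName'] -ne $UserName) { return }
        $id = [int]$evt.System.EventID
        # 4625 carries the precise reason in SubStatus; 4771/4776 use Status.
        $code = if ($data['SubStatus']) { $data['SubStatus'] } else { $data['Status'] }
        $meaning = 'Other failure'
        if ($id -eq 4740) { $meaning = 'Account locked out' }
        elseif ($code -and $FailureMeaning.ContainsKey($code)) { $meaning = $FailureMeaning[$code] }
        # Each event names the originating host in a different field.
        $source = switch ($id) {
            4740 { $data['TargetDomainName'] }   # holds the caller computer name
            4771 { $data['IpAddress'] }
            4776 { $data['Workstation'] }
            4625 { $data['WorkstationName'] }
        }
        [pscustomobject]@{
            Time = $evt.System.TimeCreated.SystemTime; EventId = $id
            Source = $source; Code = $code; Meaning = $meaning
        }
    }
}
# Constructed sample records (not real log data), trimmed to the fields used above.
$sample = @(
    '<Event><System><EventID>4771</EventID><TimeCreated SystemTime="2017-06-20T09:14:02Z"/></System><EventData><Data Name="TargetUserName">jdoe</Data><Data Name="Status">0x18</Data><Data Name="IpAddress">::ffff:10.0.0.25</Data></EventData></Event>'
    '<Event><System><EventID>4776</EventID><TimeCreated SystemTime="2017-06-20T09:14:05Z"/></System><EventData><Data Name="TargetUserName">jdoe</Data><Data Name="Workstation">MAILGW01</Data><Data Name="Status">0xc0000072</Data></EventData></Event>'
    '<Event><System><EventID>4740</EventID><TimeCreated SystemTime="2017-06-20T09:14:09Z"/></System><EventData><Data Name="TargetUserName">jdoe</Data><Data Name="TargetDomainName">MAILGW01</Data></EventData></Event>'
)
$sample | ConvertTo-AuthFailure -UserName 'jdoe' | Format-Table -AutoSize
# Live use on a domain controller:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740, 4771, 4776, 4625 } |
#     ForEach-Object { $_.ToXml() } | ConvertTo-AuthFailure -UserName 'jdoe'
```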