none
User can log on after locked out in Active Directory

    Question

  • Hello!

    Our user has changed password.

    Next day he tried to new password and was locked out.

    In security logs we have found events  that there were 2 successfull log on from Mac OS and Windows PC (user has 2 PCs on different buildings) after locked out. But user worked only on one PC at that time.

    On other DC there were found events that user account was locked.

    How can it be - logon after user was locked out?

    Thank you!

    Wednesday, December 21, 2016 7:29 AM

Answers

  • Hello, Wendy!

    We have found that this is normal behaveur - kerberos session lives 10 hours and session of user even blocked will be active this period of time (if user will not reboot PC or program)

    Monday, December 26, 2016 1:16 PM

All replies

  • Please have a look at below article which consists some common root cause of account lockout and how to resolve them - https://www.lepide.com/blog/what-are-the-common-root-causes-of-account-lockouts-and-do-i-resolve-them/
    Wednesday, December 21, 2016 7:51 AM
  • Thank you! But the question was - how user can log on after locked out?

    Wednesday, December 21, 2016 8:19 AM
  • Hi,
    Maybe, some applications with cached the account attempt to connect successfully before account is locked, and the log is delayed some time and recorded in the event viewer.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, December 22, 2016 6:12 AM
    Moderator
  • Hi,

    I am checking how the issue going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, December 26, 2016 7:39 AM
    Moderator
  • Hello, Wendy!

    We have found that this is normal behaveur - kerberos session lives 10 hours and session of user even blocked will be active this period of time (if user will not reboot PC or program)

    Monday, December 26, 2016 1:16 PM
  • Hi,
    Great share and update, if possible, we would appreciate you to mark it an answers, it will be greatly helpful and clear to others who have the same question and read this thread.
    Thanks for your feedback.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, December 27, 2016 1:33 AM
    Moderator