Monday, October 10, 2011

Active Directory : User account repeatedly locked for no reason

There are a few situations that can lead to a user account being locked out in an Active Directory environment. The following two are worth mentioning because, at first sight, it might look as though the account was locked out “for no reason”.
In both situations, the corporate password policy is involved. The policy is as follows:
  • users must change their passwords at regular intervals
  • the account is locked out after the password has been refused a specified number of times

Situation 1: Forgotten PC with an open session and Outlook running

If you leave Outlook running on a PC you forgot somewhere hidden in your office, it will keep using the same credentials forever. Even after the policy forces you to change your password, it keeps presenting the old credentials and eventually locks out your account.

Situation 2: “remember password” box checked while accessing a network share

If you check the “remember password” box when you access a network share, the saved password is used forever, even after the policy forces you to change it. The next time you access that share, the old credentials are presented and your account is locked out.

How does it play out?

The fun with these two situations is this: when you suddenly can't log on any more, you call IT Support. They unlock your account, and you can log on again until Outlook presents your old credentials once more, or until you access that share with the old password. Then your account is locked again.
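To break that cycle, IT Support needs to know which machine keeps presenting the stale credentials. Every lockout in the domain is reported to the PDC emulator as Security event ID 4740, whose "Caller Computer Name" field identifies that machine. The following PowerShell script is an added example, not code from the original post; it assumes you can read the Security log on the PDC emulator remotely and that `UserName` is the account's sAMAccountName.

```powershell
# Added example: list recent lockouts for one account and the computers that caused them.
# Assumes read access to the Security log on the PDC emulator (e.g. a Domain Admin or
# Event Log Readers member). Run from any domain-joined machine.
param(
    [Parameter(Mandatory)] [string] $UserName,
    [int] $Hours = 24
)

# All lockouts are replicated to the PDC emulator, whichever DC refused the password.
$pdc = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().PdcRoleOwner.Name

$filter = @{
    LogName   = 'Security'
    Id        = 4740                              # "A user account was locked out"
    StartTime = (Get-Date).AddHours(-$Hours)
}
$events = Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue

$lockouts = foreach ($e in $events) {
    # Read EventData fields by name rather than by position.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data['TargetUserName'] -ne $UserName) { continue }   # -ne is case-insensitive
    [pscustomobject]@{
        Time           = $e.TimeCreated
        Account        = $data['TargetUserName']
        # In event 4740 the TargetDomainName field carries the "Caller Computer Name":
        # the machine that presented the bad credentials (the forgotten PC in Situation 1,
        # or the workstation holding the saved share password in Situation 2).
        CallerComputer = $data['TargetDomainName']
        ReportedBy     = $data['SubjectUserName']            # DC that applied the lockout
    }
}

if (-not $lockouts) {
    "No lockouts for $UserName reported on $pdc in the last $Hours hours."
} else {
    $lockouts | Sort-Object Time | Format-Table -AutoSize
    # A caller that comes back after every unlock is the stale session or saved
    # credential that has to be fixed before unlocking the account again.
    "Computers that locked $UserName more than once:"
    $lockouts | Group-Object CallerComputer | Where-Object Count -gt 1 |
        Select-Object @{n='CallerComputer'; e={$_.Name}}, Count | Format-Table -AutoSize
}
```

Once the caller computer is known, log the forgotten session off (Situation 1) or run `cmdkey /list` on it to see the saved network-share credentials and `cmdkey /delete:<target>` to remove the stale one (Situation 2).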

