locking a password after you have logged in, delay?

Question

We have a user who is a bit too speedy for his own good but he seems to somehow get into his desktop quite a lot but actually have his account locked out, so he enters his password so quick after his "last attempt" that he still manages to get to his desktop. is this even possible? We know his account locks out because we have email alerts and then he is prompted for a password on outlook for exchange?

Any suggestions welcome

Answer 1

Hi,
Basically speaking, when an account is lockout, he is not able to login.

It is suggested to check the setting: Account lockout duration
Account lockout duration policy setting determines the number of minutes that a locked-out account remains locked out before automatically becoming unlocked.

You get the account lockout settings by run PowerShell command:
Get-ADDefaultDomainPasswordPolicy

Then, try to enable the audit policy: account management on the DCs:

Enable audit policy: account logon on the clients which the user logon to:

We can get more information for narrow down the issue.
Such as when the account was lockout, when the user login, was the account unlocked automatically.

Answer 2

We think this was actually due to the domain controllers having a time sync issue.

Answer 3

it looks like they locked their account one DC, but managed to login on another DC that is behind in time 2-3 minutes slip. We have corrected the time issue and will see if it re-occurs, just in theory we think this was the issue..