question

AnthonyEdwards-0523 avatar image
0 Votes"
AnthonyEdwards-0523 asked AnshulKumarMINDTREELIMITED-5501 published

locking a password after you have logged in, delay?

We have a user who is a bit too speedy for his own good but he seems to somehow get into his desktop quite a lot but actually have his account locked out, so he enters his password so quick after his "last attempt" that he still manages to get to his desktop. is this even possible? We know his account locks out because we have email alerts and then he is prompted for a password on outlook for exchange?

Any suggestions welcome

windows-serverwindows-active-directory
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.


Hi,


Just want to confirm the current situations.
If there's anything you'd like to know, don't hesitate to ask.

Best Regards,

0 Votes 0 ·

Hi,
I am checking to see if the problem has been resolved.
If there's anything you'd like to know, don't hesitate to ask.
Best Regards,

0 Votes 0 ·

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

0 Votes 0 ·
FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered

Hi,
Basically speaking, when an account is lockout, he is not able to login.

It is suggested to check the setting: Account lockout duration
Account lockout duration policy setting determines the number of minutes that a locked-out account remains locked out before automatically becoming unlocked.
111908-image.png

You get the account lockout settings by run PowerShell command:
Get-ADDefaultDomainPasswordPolicy
111916-image.png

Then, try to enable the audit policy: account management on the DCs:
111880-image.png

Enable audit policy: account logon on the clients which the user logon to:
111917-image.png

We can get more information for narrow down the issue.
Such as when the account was lockout, when the user login, was the account unlocked automatically.


image.png (35.6 KiB)
image.png (19.1 KiB)
image.png (50.7 KiB)
image.png (36.2 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AnthonyEdwards-2049 avatar image
0 Votes"
AnthonyEdwards-2049 answered

We think this was actually due to the domain controllers having a time sync issue.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AnthonyEdwards-2049 avatar image
0 Votes"
AnthonyEdwards-2049 answered FanFan-MSFT edited

it looks like they locked their account one DC, but managed to login on another DC that is behind in time 2-3 minutes slip. We have corrected the time issue and will see if it re-occurs, just in theory we think this was the issue..

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Glad to hear we found some clues.
Please feel free to let us know if you need further assistance.
Best Regards,

0 Votes 0 ·