SOLVED: Active Directory Account Keeps Locking

If your AD account becomes locked over and over again (especially after a recent password change), it is likely something on your PC/Server has cached the old password and is causing the account to lock.

There are several ready places to look for this… and I will get to those in a moment, but in my case the problem was that the user in question had failed to correctly set up his email on his smartphone, a Samsung S II.  Here is the real twist, he had correctly setup his email using the Touchdown app, but he had left the default Android email client trying over and over again.  When I asked him to disable the email on his phone, he just disabled Touchdown… which still left Android email trying over and over and over again.  This was the problem!

Ok, on to what esle will commonly lock your account that you might not thought of on your own (in the order that they are likely).

1. Services – Open your SERVICES and sort by the LOG ON AS column
2. Saved Passwords – In Windows Vista, 7 and 8 you can check your WINDOWS VAULT (similar to the Mac Keychain) using the CREDENTIAL MANAGER which can be found in the Control Panel.
3. Scheduled Tasks – This is tedious but you need to go through each Task and see who it is running as
4. Stuck Logon Script or CONNECT AS network share – Basically, if a network share doesn’t have the correct credentials, you are going to be in Hell.  Ensure that you have no logon scripts running and that all your network drives are connected without using a CONNECT AS.  Personally, I would just run Net Use * /delete in a command line to dump all the connections.
5. Virus – Conficker, Downadup and others will try to make network connections over and over again and will lock your account.  You can usually rule this one out by running a Windows Update; almost no virus’ will let you get to WU.  You can also try the free microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx?id=16
6. External / Internal Attack – If you are being attacked from a DoS or other malware you might be in Hell, see #5 for help.

In my OH MY GOD; I NEED THIS FIXED state, in found a product called ACCOUNT LOCKOUT EXAMINER from NETWRIX.  It is fully functional demo for 20 days so you should be able to determine your problem within a day or two.  They even provide free tech support for this great product.  What ACCOUNT LOCKOUT EXAMINER did for me was tell me what server was originally locking the account and tell me how often the password was being tried.  It is not the full answer to what is wrong, but it sure helped me and I will be buying it: netwrix.com/account_lockout_examiner.html .

If all else fails, try reading this brief Microsoft article: technet.microsoft.com/en-us/library/cc773155.aspx