Saturday, 29 September 2012

Possible Reasons for AD Account Locked Out Frequently

Active Directory (AD) is a technology created by Microsoft to provide network services including LDAP directory services, Kerberos based authentication, DNS naming, secure access to resources, and more.

If you want to learn more about Active Directory, Learnthat provides tutorial that you will learn the basic structure of Active Directory, gain an understanding of how Active Directory works, learn how to install Active Directory, and learn the components of AD.

In this blog, instead of providing the technical theory about Active Directory, I will provide more layman troubleshooting perspective or technique when users (clients) of their own user accounts get locked out frequently.

Account lockouts mostly occur on users logging-in to multiple devices (laptop/desktop/mobile device) at the same time. This is a common problem for users who work in bigger organizations and have their own office PC or laptop and network.

Programs that are running on the mobile device may access network resources with the user credentials of that user who is currently logged on.

If the user changes their password on the mobile device or laptop, programs that are running on the other device/laptop may continue to use the original password.

Because those programs authenticate when they request access to network resources, the old password continues to be used and the users account becomes locked out.

Possible reasons for AD account get locked out frequently:

1. Password saved on 3rd-party application (Password Manager) that manage the username and remember old passwords.

2. Passwords stored within the Window System. (ie. Control Panel > User Accounts > Tasks > Manage your network passwords )

3. Web browsers which have already saved the username and old passwords.

4. Smart phone or tablet which have already stored the old passwords and username.

5. Using another shared computers which are not owned by user and yet his old password and username is saved in the shared computers.

6. User might have forgotten his passwords and exceed the number of attempts.