Active Directory | User keeps getting locked out


I have an AD account that keeps getting locked automatically after a few minutes. The user is able to log in on the initial unlocking of the account but gets locked out there after. I have checked my account lockout policy and this is fine. Not something I’ve come across.

Any thoughts or ideas?

Thank you in advance.

Do you use exchange/365 with SSO?
I have seen this before where someone has changed their AD password, then their phone keeps trying to reauthenticate against outlook and because the old password keeps being entered, it ends up locking the account.

As above, it’s probably an account trying to do SSO somehow with the wrong credentials. You should be able to see in the event logs which IP address the authentication request is coming from. Then you can at least narrow it down to an offending device.

1 Like

The logs. They will tell you EVERYTHING youve ever wanted to know.