We use mobile accounts in our environment tied to our AD.
We know Big Sur has an account lock out issue
PI-009097 (password issue in Big Sur) and PI-009094 (software update policy broken)
However this past week we have seen several users on 10.15 and 10.14 reboot, try to login and get a message that their account is "locked". The solution is to unlock via the console if they are on the internet, or log into a local AD account and run:
pwpolicy -u username enableuser
However I am having trouble being able to track down WHY it happened. Does anyone know what log to look into? And if so, what sort of event am I looking for? I am having trouble troubleshooting without having some more verbose errors.
