Mac in Active Directory. User keeps locking herself out

EliasG
Contributor

I have a user that keeps locking herself out everyday...any thoughts? Has anyone run into this issue?

9 REPLIES 9

gskibum
Contributor III

All the time in environments with far-away network admins that are impossible to contact.

I find Outlook will often repeatedly send authentication requests, resulting in the lock out.

OmarJ
New Contributor

@gskibum , is it possible that outlook on mobile cause the issue? if so how did you solve it? 

Lhsachs
Contributor II

A few thoughts:
1. does the user have several keychain entries for authentication - some with old passwords
2. is the user also using a mobile device that's trying to authenticate with an old password?

debrat
Contributor

For our Active Directory users, checking any connected activesync device helps. we have the user log in to the Outlook Web App site to see if they synced any devices over Active Sync and remove any devices that they are unaware of. This is under Options > See All Options > Phone.

dpodgors
Contributor

See if your AD people can tell you what's locking her out. In our environment it is usually a VM that they closed (not logged off) and then changed the password. We've also seen Android phones on our MobilIron do the same thing.

CapU
Contributor III

In our environment users have to login using there domain username/password, so if you log in with your iPad then log in to your computer then change your password, your account will be locked as the iPad has the old password. Too many attempts using an incorrect password will result in the account being locked. I can't tell you how many times a user will become upset with Service Desk because they forgot they logged in at home and keep getting locked out

dpodgors
Contributor

Also... If she is on Sierra, https://www.jamf.com/jamf-nation/discussions/21320/sierra-ad-account-lockout-when-setting-up-icloud

obi-k
Valued Contributor III

We had this problem with Apple Cinema Displays (most recent one). When the USB keyboard was connected to the display, there was a delay of input. The users would hit enter, but their entire password didn't go in. After doing that over and over, they'd get locked out.

I plugged the keyboard directly into the Mac Pro. All was good from there on out.

SeanA
Contributor III

@EliasG The posts below are good posts; I would add, from a more general level, what variables exist with this user that does not exist with other users in your environment? This particular user is doing something different or has different devices; else, other users would be locking up as well. If you know what time she locks up, you can cross-reference the time with logs, either in the client (/var//log/system.log) or server side, such as AD.