Mac in Active Directory. User keeps locking herself out


I have a user that keeps locking herself out everyday...any thoughts? Has anyone run into this issue?


Contributor III

All the time in environments with far-away network admins that are impossible to contact.

I find Outlook will often repeatedly send authentication requests, resulting in the lock out.

New Contributor

@gskibum , is it possible that outlook on mobile cause the issue? if so how did you solve it? 

Contributor II

A few thoughts:
1. does the user have several keychain entries for authentication - some with old passwords
2. is the user also using a mobile device that's trying to authenticate with an old password?

New Contributor III

For our Active Directory users, checking any connected activesync device helps. we have the user log in to the Outlook Web App site to see if they synced any devices over Active Sync and remove any devices that they are unaware of. This is under Options > See All Options > Phone.


See if your AD people can tell you what's locking her out. In our environment it is usually a VM that they closed (not logged off) and then changed the password. We've also seen Android phones on our MobilIron do the same thing.

Contributor III

In our environment users have to login using there domain username/password, so if you log in with your iPad then log in to your computer then change your password, your account will be locked as the iPad has the old password. Too many attempts using an incorrect password will result in the account being locked. I can't tell you how many times a user will become upset with Service Desk because they forgot they logged in at home and keep getting locked out


Also... If she is on Sierra,

Valued Contributor

We had this problem with Apple Cinema Displays (most recent one). When the USB keyboard was connected to the display, there was a delay of input. The users would hit enter, but their entire password didn't go in. After doing that over and over, they'd get locked out.

I plugged the keyboard directly into the Mac Pro. All was good from there on out.

Contributor III

@EliasG The posts below are good posts; I would add, from a more general level, what variables exist with this user that does not exist with other users in your environment? This particular user is doing something different or has different devices; else, other users would be locking up as well. If you know what time she locks up, you can cross-reference the time with logs, either in the client (/var//log/system.log) or server side, such as AD.