Sidenote

by Nikolas Demiridis

This actually started as a way to post (and archive) anything I was finding to be interesting enough. Now it actually serves as a kind of memo notes to myself.
This is an English language blog.

What to do when your AD Domain account gets locked out periodically after changing your password

There are only 2 simple steps you should perform:

  1. Find the offending PC or Server (the PC or Server from which the account is failing to authenticate)
  2. After finding the PC or Server, change the password in the application that still holds the old password

Step 1: You need to enable Failure Audit for accounts at your DC or DCs.

The Audit Policy settings are located in the Default Domain policy settings. To view the Auditing policy settings, in the Group Policy MMC, double-click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.

You may also find the Account Lockout and Management Tools, and this and this post, extremely useful.

Step 2: After you have found the problematic PC, you have probably also found whether it is an application or a mapped share that is causing the problem. If it is an application, just update its settings. If it is a share, just run rundll32.exe keymgr.dll,KRShowKeyMgr to access the Stored User Names and Passwords.

You may find this post useful.
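
For Step 1, once failure auditing is enabled, the source machine can be read from the DC's Security log. The PowerShell function below is an added example, not part of the original post; it assumes Windows Server 2008 or later event IDs and rights to read the Security log on the DC, and 'DC01' and 'jdoe' are placeholder names.

```powershell
# Added example: list where failed authentications for one account come from.
# Assumptions: 'DC01' and 'jdoe' are placeholders; run it against each DC.
function Get-LockoutSource {
    param(
        [Parameter(Mandatory)] [string] $DomainController,
        [Parameter(Mandatory)] [string] $Account,
        [int] $Hours = 24
    )

    # 4740 = account locked out, 4771 = Kerberos pre-authentication failed,
    # 4776 = NTLM credential validation (logged for success and failure).
    $filter = @{
        LogName   = 'Security'
        Id        = 4740, 4771, 4776
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter |
        ForEach-Object {
            $evt = $_
            # Read EventData fields by name rather than by position.
            $data = @{}
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }

            if ($data['TargetUserName'] -ne $Account) { return }
            # Skip successful NTLM validations (Status 0x0).
            if ($evt.Id -eq 4776 -and $data['Status'] -eq '0x0') { return }

            $source = switch ($evt.Id) {
                4740 { $data['TargetDomainName'] }  # holds the caller computer name
                4771 { $data['IpAddress'] }         # client address
                4776 { $data['Workstation'] }
            }
            [pscustomobject]@{
                Time    = $evt.TimeCreated
                EventId = $evt.Id
                Source  = $source
                Status  = $data['Status']  # 0x18 / 0xC000006A = bad password
            }
        }
}

# Most frequent sources first; the top entry is the machine to inspect in Step 2.
Get-LockoutSource -DomainController 'DC01' -Account 'jdoe' |
    Group-Object Source | Sort-Object Count -Descending |
    Select-Object Count, Name
```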