Windows Server 2003 user locked

270 pts.
Domain Controller
Microsoft Windows Server 2003
User access
Windows Server 2003 Domain
Windows Server User Profiles
In our win server 2003 domain, one of user account has been locked when he was logging in and i have reset the password from domain controller but problem is still same. so, please help me out.

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hello there,

This is a common issue.

In you AD there are more than one Global Catalog (GC). Each one of these servers are able to authenticate clients.
What is happening is that you unlocked the given account in one GC, but in fact, the client is authenticating against a second (or third) Global Catalog. Once the replication didn’t occur yet, the rest of GC aren’t aware of the account change…

In situations like this, you should reset or unlock the account in the server closest or in the same site as the client. (a client always authenticate against the closest GC available server). So, if you can, log in remotely to that server and unlock the account. This way, the unlock is immediate to the client.

If for any reason you can’t login remotely or there is only one site (with two ore more GC’s), you can always use any GC to unlock the account. Then, to be sure that the change is (almost) immediately available to the client, you should force AD replication to occur. (go to AD Sites and services and force replication)

Hope this helps.

Discuss This Question: 2  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Tchin
    Resetting the password does not change the status of the account if the user is locked out. You will have to unlock the account. Go to AD and select the user. Go to Properties > Account. There should be a box stating "Unlock Account". Check that and hit apply. That should fix the problem.
    180 pointsBadges:
  • saturno
    Just to complement my and Tchin contributes: To make this "Problem" (account lock) auto-recoverable, you can create a GPO to automatically unlock user accounts after a specified amount of time. Creta e a new or redefine an existent Group Policy, and the go to: Computer Configuration Windows Settings Security Settings Account Policies Account Lockout Policy Account Lockout Dutation Define the Account Lockout Duration to best fit your needs, say 10 minutes. In small to medium environments, I usually use this to prevent me the need to actually log-in remotely and just unlock a user account. If a account gets locked and the user call the help-desk, we usually just tell her/him to wait a few minutes to be able to login again. This way the account status is automatically reset after the amount of time defined in GPO. Hope you find this useful.
    4,585 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: