Why Are Active Directory Accounts Getting Locked Out?

If you are seeing accounts getting locked out, there may be a local environment setting causing this to occur.

TruGrid does not store or sync any AD (Active Directory) passwords. AD authentication is a direct authentication against the local AD environment. There is nothing from the TruGrid side that would cause this since we only validate passwords upon logon.

Below are some suggestions

UPN Conflict: We have seen a couple instances where customers add a UPN to their Active Directory and see user lockouts. This is unusual but does occur. This seems to occur with customers who are using Outlook joined to Office 365 but also they are joined to Active Directory with a different password, but same UPN. There are many posts about this issue on forums. A workaround is to adjust the UPN Login Name and suffix it with something different than their local login name. This setting can be found in the Active Directory User Object under the Account Tab. See below example image. Now when the user logs into the TruGrid website they would for example use user1@theirdomain.com rather than user@theirdomain.com. This would not impact their local logins.

Service Account or Expired Password: If account lockout policies are on, the user account can get locked out if the account has been used to run as service or an expired password is currently logged in to another PC. There are tools online that will tell you all the places on the network the user account is being used. to check current policies, on an AD joined machine open an elevated Command Prompt as the user having the issue and then run "gpresult /h gp.html". Then open the gp.html file and validate if account lockout policies are actually turned off

Was this article helpful?
Thank you!