Unable to unlock account in AD

Solution 1:

I've seen this before when someone has a stored account credential (on, let's say, an iPad) that logs them into their email. This will try every so often to sync the account (like every 30 seconds to poll) and it will lock the account out. See this Microsoft download link for account lockout tools and a whitepaper on troubleshooting account lockouts.

UPDATE:

Exchange is simply an example. It could be something as simple as being logged in to another workstation after a password change. In your case the problem is a policy restriction. Following the steps in the whitepaper will show you how to use the netlogon.log files and tools to track down the workstation causing the problem.

Solution 2:

You are doing this from a domain admin account that is able to modify AD (I know silly question)? Have you tried logging in with the account that seems to still be locked?

I would also double check via cmd that it's locked: NET USER loginname /DOMAIN | FIND /I "Account active"

Try to unlock it: NET USER loginname /DOMAIN /ACTIVE:YES

Or toss in the reset password also: NET USER loginname newpassword /DOMAIN /ACTIVE:YES

Just some things to try.

Solution 3:

Check the server security logs to try and determine from which machine the logon attempts are being made.

I suspect what you're seeing may be the result of a virus or other malicious software. I've seen this happen before where the undesirable software is using brute force to try and access the account. No matter how often you unlock it, within seconds it's locked again because there were attempts to use it with incorrect passwords. In such a case the server is of course doing exactly what it's supposed to - lock the account.
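The log check described in Solution 3 (and the workstation hunt Solution 1 points the netlogon.log tools at) can be done in a few lines of PowerShell. This is an added example, not code from any of the answers; it assumes the RSAT ActiveDirectory module, rights to read the Security log on the PDC emulator, and a placeholder account name passed as a parameter.

```powershell
# Added example: find which computer keeps locking out one AD account.
# Assumes the RSAT ActiveDirectory module and read access to the Security log
# on the PDC emulator, which records every lockout (event 4740) in the domain.
param(
    [Parameter(Mandatory)] [string]$SamAccountName,   # e.g. 'jdoe' (placeholder)
    [int]$Hours = 24
)

Import-Module ActiveDirectory

# Bad-password counting and lockouts are processed by the PDC emulator, so ask it directly.
$pdc = (Get-ADDomain).PDCEmulator

# Current lockout state straight from that DC, not from a cached console view.
Get-ADUser -Identity $SamAccountName -Server $pdc -Properties LockedOut, BadPwdCount, LastBadPasswordAttempt |
    Select-Object SamAccountName, LockedOut, BadPwdCount, LastBadPasswordAttempt |
    Format-List

# Event 4740 = "A user account was locked out". Its TargetDomainName data field
# carries the "Caller Computer Name", i.e. the machine that submitted the bad passwords.
$filter = @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = (Get-Date).AddHours(-$Hours)
}

Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['TargetUserName'] -ieq $SamAccountName) {
            [pscustomobject]@{
                Time           = $_.TimeCreated
                LockedAccount  = $data['TargetUserName']
                CallerComputer = $data['TargetDomainName']
                LoggedOnDC     = $_.MachineName
            }
        }
    } |
    Group-Object CallerComputer |
    Sort-Object Count -Descending |
    Select-Object @{n='CallerComputer';e={$_.Name}}, Count,
                  @{n='LastLockout';e={($_.Group | Sort-Object Time)[-1].Time}}
```

The caller computer with the highest count is where to look for the stale session, stored credential or mobile device the other answers describe; an empty caller name usually points at a device authenticating through a service such as OWA rather than a domain-joined workstation.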

Solution 4:

Android Phones will sometimes spam login attempts to OWA without a warning that credentials didn't work.

Make sure the user's phone isn't causing issues. This worked for me.