I'm dealing with a frustrating issue where an application is locking Active Directory (AD) accounts because it's caching user credentials. After users change their passwords, some experience account lockouts, which creates a lot of trouble. I'm seeing incorrect password logs on the Domain Controller, and while clearing the credential vault doesn't help, resetting an entire profile does. Interestingly, reinstalling the device prevents the account from locking. I already know which device is causing the problem; what I really need is to pinpoint the executable (exe) of the application that's causing these lockouts. Has anyone successfully navigated this issue, and what tools did you find useful? This is really driving us up the wall!
1 Answer
To tackle this, I'd first check for mapped drives and scheduled tasks. Also, see if users are logged into another device, perhaps with an old password. If you’re using M365 with AD synchronization, check if anyone is mistakenly logged into Outlook on their mobile with a previous password—it can trigger the lockout. Also, don't forget to look into NPS, RADIUS, and Wi-Fi logs.

Thanks for the tips! Just to clarify, users are in Exchange Online so I don't think old passwords are saved on their phones since they all use Outlook. I’m seeing those wrong password logs on the Domain Controllers. Also, I don't believe scheduled tasks should be saving passwords.
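The mapped-drive and scheduled-task checks from the answer, as an added PowerShell example that is not part of the original thread. It goes one step further and also reads Security event 4648 (logon attempted with explicit credentials), which records the calling process path. Assumptions: the script runs elevated on the device already identified, logon auditing is enabled there, and `jdoe` is a placeholder account name.

```powershell
# Added example. Run elevated on the device already identified as the lockout source.
param([string]$Account = 'jdoe')   # placeholder: sAMAccountName of the locked-out user

# 1. Scheduled tasks that run as the account with a stored password.
$tasks = Get-ScheduledTask |
    Where-Object { $_.Principal.LogonType -eq 'Password' -and $_.Principal.UserId -like "*$Account" } |
    ForEach-Object {
        [pscustomobject]@{
            Source  = 'ScheduledTask'
            Item    = $_.TaskPath + $_.TaskName
            Account = $_.Principal.UserId
            Detail  = ($_.Actions | ForEach-Object { $_.Execute }) -join '; '   # program the task starts
        }
    }

# 2. Persistent mapped drives in every loaded user hive (HKEY_USERS\<SID>\Network\<letter>).
$drives = Get-ChildItem 'Registry::HKEY_USERS\*\Network' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Source  = 'MappedDrive'
            Item    = $_.PSChildName      # drive letter
            Account = $p.UserName         # filled in when the drive was mapped with explicit credentials
            Detail  = $p.RemotePath
        }
    }

# 3. Event 4648 on this device: which process presented credentials for the account.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4648 } -MaxEvents 5000 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_
        $d = @{}
        ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        if ($d['TargetUserName'] -eq $Account) {
            [pscustomobject]@{
                Source  = 'Event4648'
                Item    = $d['ProcessName']   # full path of the executable
                Account = $d['TargetUserName']
                Detail  = "$($evt.TimeCreated) -> $($d['TargetServerName'])"
            }
        }
    }

# One row per distinct source and item, so a repeating process shows up once.
@($tasks) + @($drives) + @($events) | Sort-Object Source, Item -Unique | Format-Table -AutoSize -Wrap
```

Comparing the `Event4648` timestamps with the bad-password times logged on the Domain Controller shows whether a listed executable lines up with the lockouts.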