Good morning everyone! I'm dealing with some pesky password issues across various sites and locations. Several end users are frequently getting "Password Incorrect" messages, even though they're confident they're using the correct new password. To rule out user error, I've asked my helpdesk to handle password changes directly and not require users to change it back, so they have the passwords when users call. I've confirmed that users are connecting to a legitimate Domain Controller and can see the password change reflected in ADSI. Replication between DCs seems fine, and no failed sign-ins show up on my end. I'm starting to wonder if it's a local caching problem or if Write Back is behind this chaos, but data on last password changes is limited. Any troubleshooting advice would be greatly appreciated!
3 Answers
Could this be related to Single Sign-On? I had a situation where multiple accounts associated with O365 and Azure were suddenly blocked from logging in. Though I checked all the logs, I couldn't find any clues for the issue, so it might be worth looking into.
Have you checked if these users are hot desking or using mobile devices? Sometimes, a device with old cached credentials might be trying to log them in and locking their accounts. It's worth checking before you dive deeper into the problem!
Are you using 2025 domain controllers or something more recent? Double-check the version, it might help narrow down the issue if there's something specific to that release.
Actually, we're running 2022.

I considered that too, but I'm not finding any 4740 events for locked accounts, and nothing shows locked on the Microsoft side.
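A way to run the checks discussed in this thread in one pass (per-DC password state, whether the change has converged across DCs, and the 4740/4771/4776 events). This is an added PowerShell example, not a script from the original poster; it assumes the RSAT ActiveDirectory module is installed and the account running it can read the Security log on each DC.

```powershell
# Added example: compare one user's password state on every DC, then pull
# the lockout/failure events. Assumes RSAT ActiveDirectory and rights to
# read DC Security logs; $SamAccountName is whatever user you are chasing.
param(
    [Parameter(Mandatory)][string]$SamAccountName,
    [int]$HoursBack = 24
)
Import-Module ActiveDirectory

$domain = Get-ADDomain
$dcs    = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

# BadLogonCount (badPwdCount) and LastBadPasswordAttempt are NOT replicated,
# so every DC has to be asked separately. PasswordLastSet (pwdLastSet) IS
# replicated, so if it differs between DCs the change has not converged yet.
$perDc = foreach ($dc in $dcs) {
    try {
        $u = Get-ADUser -Identity $SamAccountName -Server $dc `
             -Properties PasswordLastSet, BadLogonCount, LastBadPasswordAttempt, LockedOut
        [pscustomobject]@{
            DC                     = $dc
            PasswordLastSet        = $u.PasswordLastSet
            BadLogonCount          = $u.BadLogonCount
            LastBadPasswordAttempt = $u.LastBadPasswordAttempt
            LockedOut              = $u.LockedOut
        }
    } catch {
        [pscustomobject]@{ DC = $dc; PasswordLastSet = "ERROR: $($_.Exception.Message)" }
    }
}
$perDc | Sort-Object PasswordLastSet | Format-Table -AutoSize

$distinct = @($perDc | Where-Object { $_.PasswordLastSet -is [DateTime] } |
              Select-Object -ExpandProperty PasswordLastSet -Unique).Count
if ($distinct -gt 1) {
    Write-Warning "pwdLastSet differs across $distinct DCs: replication has not converged for $SamAccountName"
}

# 4740 (lockout) is written on the PDC emulator; 4771 (Kerberos pre-auth
# failure) and 4776 (NTLM validation failure) land on whichever DC rejected
# the attempt, so also query any DC that shows a non-zero bad count.
$since   = (Get-Date).AddHours(-$HoursBack)
$sources = @($domain.PDCEmulator) +
           @($perDc | Where-Object { $_.BadLogonCount -gt 0 } | ForEach-Object DC) |
           Select-Object -Unique
foreach ($dc in $sources) {
    Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'Security'; Id = 4740, 4771, 4776; StartTime = $since } |
        Where-Object { $_.Message -match [regex]::Escape($SamAccountName) } |
        Select-Object TimeCreated, Id, @{n = 'DC'; e = { $dc }}, @{n = 'Summary'; e = { ($_.Message -split "`n")[0] }} |
        Format-Table -AutoSize
}
```

A DC with a non-zero BadLogonCount but no matching 4740 points at the failures coming from a source (a cached credential on a device, or a service) that is retrying below the lockout threshold; the 4771/4776 entries on that DC carry the client address or workstation name to chase.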