I'm having an odd issue with a user who can't log into any domain computer before 6:20 AM. This started happening after they reset their domain password a couple of weeks ago. I've checked, and there don't seem to be any security group restrictions or Active Directory settings that limit their login times. This issue occurs on multiple computers, so I'm thinking it's not just a local policy issue. Does anyone have suggestions on what else I can investigate to figure out what's causing this?
5 Answers
Are you syncing AD passwords with Entra? If the user has updated their password in on-prem AD but hasn’t done so on their phone or any other devices, Entra might be continuously trying to log in with the wrong credentials, locking them out until they finally log in to a domain machine. This can lead to issues when accessing things later on their personal devices.
Just curious, has the user tried logging in right after they reset their password? Sometimes a slight delay in updates can cause issues. Maybe the login lockout is linked to recent password changes.
Did they remember to update their password on all their devices? Sometimes folks forget to do it on their phones or for corporate Wi-Fi, and they end up locking their account before they even get to their desk.
What error message does the user see when they try to log in? Also, do they boot the computer from a complete shutdown, or just wake it up from sleep? I've noticed some devices lose network connection in sleep mode, which can mess with authentication. Once they log in, running GPRESULT might show any active Group Policies that could explain the problem. Sharing which OS they’re using could also help us troubleshoot this further.
It sounds like there might be a computer that's being turned on around 6:00 AM with the user's old credentials saved, which could be locking their account. Maybe there's also a scheduled task that's running at the same time. Definitely worth checking the security event log for any clues!
Good point! The event log could really help pinpoint what's going on.
Thanks for the suggestion! But no, we're not syncing with Entra.