This usually happens within the same hour of re-enabling a user's account. The user will contact us because they have been disabled due to inactivity, we re-enable the account and then they will contact us within that hour and say they're still experiencing issues. When we go to check the account for a password lockout, we find that account has been disabled again.
We don't have any disabling feature that should re-disable the account within that time frame. It's been pretty frustrating since it's difficult to replicate. I was wondering if anyone has seen this and if they have, if anyone knows what could be causing it or how to address it?
DCDiag
on each DC to ensure proper communications. Is it more than one user account that's experiencing this?Computer/Policies/Windows Settings/Security Settings/Account Policies/Account Lockout Policy
. You can you Group Policy Results (or Modeling) in the Group Policy snap-in to check for this.