I am hoping that someone can help me unblock an account on an Azure VM.
The VM is domain joined and is running SQL Server 2014 on Windows Server 2016. I have an Office 365 / Azure AD tenant with Azure Active Directory Domain Services.
I have an account that is locked because of greater than 5 attempts, but if I give it some time, it goes active again.
net user /DOMAIN trent
...
Account active Yes
Account expires Never
Password last set 5/26/2018 5:19:15 AM
Password expires 8/24/2018 5:19:15 AM
Password changeable 5/27/2018 5:19:15 AM
Password required No
User may change password Yes
Workstations allowed All
Logon script
User profile
Home directory
Last logon 5/26/2018 5:19:54 AM
Logon hours allowed All
Local Group Memberships
Global Group memberships *AdminAgents *Domain Users
*AAD DC Administrators *PWS WordPress Site Ad
The command completed successfully.
As soon as I go to log in using RDP, I am locked out.
I have looked up similar problems on sites like https://community.spiceworks.com/topic/2125626-remote-desktop-services-causing-ad-account-lock-out and tried the tool at https://www.netwrix.com/account_lockout_examiner.html, but it doesn't seem to want to connect to the AAD DS.
I have checked that there are:
- No mapped credentials
- No old cached creds
- No other applications
- No scheduled tasks
I am not sure how to change the group policy to stop it happening; I can't install AD DS because it is on AAD DS.
Any help would be appreciated.
Best Answer
So it turned out that I had a LOB app on my PC that was trying to auth with my old creds which was creating the problem on RDP.
How I solved this was to track the login attempts, using a different admin user on the server, with the script found here: https://community.spiceworks.com/scripts/show/737-basic-domain-logon-tracking-script
This LOB app was not providing any indication of user failures, but as soon as I tried to log in, it would indicate locked out.
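The approach in the accepted answer (watching the logon attempts on the server rather than guessing) can be done without a third-party script. The following is an added example, not the linked Spiceworks script or anything from the original post: it reads the member server's own Security log for event 4625 ("An account failed to log on") and groups the failures by the workstation, IP address and process that sent them, which is exactly how a stale credential in a LOB app, mapped drive or saved RDP connection shows itself. It assumes an elevated PowerShell session on the Windows Server 2016 VM, that failure auditing for logon events is on (the Server 2016 default), and that the account name `trent` is the one being locked out. The domain-side lockout event (4740) lives on the domain controllers, which in an AAD DS managed domain you cannot log on to, so this example deliberately stays on the member server where the failed RDP attempts land.

```powershell
# Added example (not the script linked in the answer): summarise failed logons
# recorded in this member server's Security log, grouped by their source.
# Assumptions: elevated PowerShell on the RDP/SQL VM; logon failure auditing
# enabled; $TargetUser is the account that keeps locking out (placeholder value).
param(
    [string]$TargetUser = 'trent',
    [int]$Hours = 24
)

$since = (Get-Date).AddHours(-$Hours)

# 4625 = "An account failed to log on". The event's XML payload carries the
# fields we need: TargetUserName, WorkstationName, IpAddress, LogonType,
# Status/SubStatus and ProcessName.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $since
} -ErrorAction SilentlyContinue

$failures = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Only the account under investigation (PowerShell -ne is case-insensitive).
    if ($data['TargetUserName'] -ne $TargetUser) { continue }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        User        = $data['TargetUserName']
        Domain      = $data['TargetDomainName']
        Workstation = $data['WorkstationName']   # caller's machine name, '-' if unknown
        SourceIP    = $data['IpAddress']         # caller's address, '-' for local callers
        LogonType   = $data['LogonType']         # 10 = RemoteInteractive (RDP), 3 = Network, 2 = Interactive
        Status      = $data['Status']            # 0xC000006D = logon failure, 0xC0000234 = account locked out
        SubStatus   = $data['SubStatus']         # 0xC000006A = wrong password
        Process     = $data['ProcessName']
    }
}

# Where are the bad attempts coming from? One workstation/IP/process hammering
# the account is the signature of a stored stale credential rather than a person.
$failures |
    Group-Object Workstation, SourceIP, Process |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Detail view, newest first, so the first "account locked out" result
# (0xC0000234) can be lined up with the wrong-password attempts that preceded it.
$failures | Sort-Object Time -Descending | Format-Table -AutoSize
```

Run it as a different admin user (as the answer suggests) so your own interactive logon does not add noise, then reproduce the lockout: the wrong-password entries that appear just before the first `0xC0000234` status, with their workstation name and process, identify the source to fix. If the source turns out to be another machine, the same query run on that machine's own Security log will name the process holding the old credential.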