Users of Windows 7 computers locked out of domain

13 years 3 months ago #36093 by S0lo
OK, I'm guessing here.

Do you have mapped network drives or folders that are configured on those PCs, that are NOT often being used?

Permanent drives/folders may have been established with passwords that have already expired. These passwords might have been saved locally (by clicking a check box on a login dialog). Every time the user logs on or restarts his PC, the authentication attempt FAILS when Windows attempts to restore these permanent connections because the LOCAL saved passwords are different from the ones on Active Directory. I think that if these attempts reach the lockout policy threshold, the account will be locked.

If I'm correct, why does this happen only on Windows 7? I have no idea.

Did I just tell what you already know?

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
13 years 3 months ago #36094 by steveb13
I did have mapped drives before and saw a forum post where someone said this could be the issue, so I disconnected all mapped drives, but the lockouts still keep happening.

So I have no idea either what the deal is with Windows 7. I'm not sure I actually know anything at this point :wink:
13 years 2 months ago #36107 by Bublitz
It can be mapped drives, printers, and programs. It can be pretty hard to track down. You'll have to check the computer security and domain controller logs; you should see a bunch of failed audits in the logs.

The security logs might give you a hint on what's going on.

Do these machines have network printers or Outlook or any programs that request credentials?

Try removing stuff until it works, I suppose.

Or remove the account lockout policy if that's OK for your organization. Yes, it is security, but a lockout policy can also be used for denial of service attacks, so it can be a dual-edged sword.

The Bublitz
Systems Admin
Hospice of the Red River Valley
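
An added example, not part of the post above or of the thread: one way to read the "failed audits" is to take each lockout event (Windows Security event 4740) and count the failed logons (event 4625) for the same account in the preceding window, grouped by source workstation and logon type. The flat record layout, the 30-minute window and all names in the sample are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Logon types as Windows records them in event 4625.
LOGON_TYPES = {2: "interactive", 3: "network (share/printer)", 4: "batch",
               5: "service", 7: "unlock", 10: "remote desktop"}

# Constructed sample records (not from the thread). The flat layout is an
# assumption: id 4625 = failed logon, id 4740 = account locked out.
SAMPLE = [
    {"id": 4625, "time": "2011-01-10T07:00:00", "user": "jsmith", "workstation": "WIN7-PC04", "logon_type": 3},
    {"id": 4625, "time": "2011-01-10T08:00:05", "user": "jsmith", "workstation": "WIN7-PC04", "logon_type": 3},
    {"id": 4625, "time": "2011-01-10T08:00:06", "user": "jsmith", "workstation": "WIN7-PC04", "logon_type": 3},
    {"id": 4625, "time": "2011-01-10T08:00:07", "user": "jsmith", "workstation": "WIN7-PC04", "logon_type": 3},
    {"id": 4625, "time": "2011-01-10T08:00:20", "user": "akhan", "workstation": "WIN7-PC11", "logon_type": 2},
    {"id": 4625, "time": "2011-01-10T08:00:30", "user": "JSmith", "workstation": "WIN7-PC09", "logon_type": 2},
    {"id": 4740, "time": "2011-01-10T08:00:31", "user": "jsmith", "caller": "WIN7-PC09"},
]

def explain_lockouts(events, window_minutes=30):
    """For each lockout, rank (workstation, logon type) pairs by the number
    of failed logons for that account inside the preceding window."""
    reports = []
    for lock in (e for e in events if e["id"] == 4740):
        end = datetime.fromisoformat(lock["time"])
        start = end - timedelta(minutes=window_minutes)
        counts = Counter(
            (e["workstation"], e["logon_type"])
            for e in events
            if e["id"] == 4625
            and e["user"].lower() == lock["user"].lower()  # account names are case-insensitive
            and start <= datetime.fromisoformat(e["time"]) <= end
        )
        reports.append({"user": lock["user"], "caller": lock["caller"],
                        "sources": counts.most_common()})
    return reports

if __name__ == "__main__":
    for r in explain_lockouts(SAMPLE):
        print(f"{r['user']} locked out, caller computer {r['caller']}")
        for (host, ltype), n in r["sources"]:
            print(f"  {n} failures from {host}, logon type {ltype}: "
                  f"{LOGON_TYPES.get(ltype, 'other')}")
```

In the sample the lockout names WIN7-PC09 as the caller, but most failures are type 3 (network) logons from WIN7-PC04, which is the pattern a stale saved credential for a share or printer would produce.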
13 years 2 months ago #36128 by rizin
Hi All,

@steveb The problem is related to the RID and PDC master roles of the five powerful roles known as FSMO, aka Flexible Single Master Operations roles, in Active Directory Domain Services (AD DS).

First of all, I would like to collect some info from you. Did you assign the Win 7 users any old or existing account names and passwords?

Did you change the e-mail address in the Account tab of the user properties?

This remedy will be done by Google with deep search; however, I strongly recommend you go through the above FSMO rules and try to troubleshoot accordingly.

I will also do the same once you give me the detailed info, such as whether the server was upgraded from Win 2000 and whether the Win 7 users are new or already exist.

Regards,

Rizin

Known is a drop, unknown is an Ocean