Situation: Recently, One of the users keeps having a problem to login her domain computer because the account is locked.
Troubleshooting: The company uses Office 365 and has 90 password expiration policy. After check Microsoft Azure sign-ins status of this user, we find it is her mobile phone failed login. The problem is she changed the domain account password but did do so in the mobile phone. To check Azure sign-ins status, login Azure and go to Users>Sign-ins. Here you can check Basic info and Device info.
Other suggestion: 1. Check Event Viewer for ID 4740.
2. Use Microsoft Account Lockout and Management tools.
3. Check out the freeware Netwrix Lockout Examiner as it can be used to track it down if you can’t find it in the security logs on the DC.
https://www.netwrix.com/account_lockout_examiner.html
4. Check your network drive mappings. You may have an old one created when you had a different password. Your computer is sending the old information when it checks items on those drives.
5. Scheduled tasks. Clear any not in use. You may have created an item using your login and a former password. When the schedule attempts to execute, it will create a failed login.
6. Service accounts. Check any services that you may have set up under your login that may contain a former password. This could be on ANY workstation or server that you have used.
7. Go to Control Panel > Credentials Management to clean the password.