Error: Unable to log you in because your account is locked. Please contact your administrator

Error: Unable to log you in because your account is locked. Please contact your administrator

Issue description   

Users encounter the error message "Unable to log you in because your account is locked. Please contact your administrator" when trying to log in to ADSelfService Plus. This error occurs when a user tries to log in with a locked-out Active Directory (AD) account.


Event ID  
Event ID 4740 (indicating an account lockout).

Possible causes   

  1. The user has entered incorrect passwords multiple times, resulting in an AD account lockout.
  2. The user's account is being used in other services (e.g., Outlook, mapped network drives, or scheduled tasks) where the password was not updated after a recent password change.

Prerequisites   

  • Administrative access to the ADSelfService Plus console.

Resolution   

Step 1: Use ADSelfService Plus to unlock the account   
If the user is enrolled in ADSelfService Plus, they can unlock their account without admin intervention.
  1. Go to the ADSelfService Plus login page.
  2. Click Account Unlock?.
  3. Provide the required identity verification details depending on the configured self-service policy.
  4. Follow the steps to unlock the account.
Step 2: Contact the AD administrator for manual unlock   
If the user is not enrolled in ADSelfService Plus, the AD administrator must:
  1. Open Active Directory Users and Computers (ADUC) (dsa.msc).
  2. Locate the locked user account.
  3. Right-click the account and select Properties.
  4. Under the Account tab, check whether Account is locked out is selected.
  5. If locked, uncheck the box and click OK.
  6. Inform the user that the account is now unlocked.
Step 3: Prevent repeated lockouts due to stored credentials   
  1. If the user recently changed their password, ensure they update it in:
    1. Outlook (especially if configured with saved credentials).
    2. Mapped network drives.
    3. Scheduled tasks or background services using the old password.
  1. Instruct the user to log out and log back in with the correct credentials.

Validation and confirmation  

  • Once unlocked, the user should be able to log in successfully to ADSelfService Plus. If account lockouts persist, check Event Viewer logs for repeated authentication failures.

Tips    

  • Encourage users to enroll in ADSelfService Plus to unlock their accounts without administrator assistance.  

How to reach support         

If the issue persists, contact our support team here


      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                      Related Products