Active Directory (Account Locked Out) - Help Desk Simulation
This walkthrough demonstrates how to simulate and resolve a common help desk issue: a domain user being locked out after entering the wrong password multiple times.
The goal of this exercise is to practice:
Simulating an AD account lockout on a Windows 10 domain-joined workstation
Identifying and unlocking a user account in Active Directory
Verifying the user can log in
Writing professional help desk ticket notes
Step 1: Simulate the Issue
Go to your Windows 10 domain-joined employee workstation.
At the login screen, enter the user’s incorrect password 5–10 times.
Continue until Windows displays an error such as:
“The referenced account is currently locked out.”
The account is now locked in Active Directory.
Step 2: Fix the Issue (Unlock in ADUC)
On your Domain Controller Windows Server 2022, open Active Directory Users and Computers
(Windows Key + R→ dsa.msc).
Navigate to the Organizational Unit where your user is located. In this case the user is located in HR.
Right-click the user → Properties.
Go to the Account tab.
Check if “This account is currently locked out…” is displayed.
Click the box next to “Unlock account”, then click Apply and then OK.
If needed, click Reset Password and set a temporary password.
Step 3: Test
Return to the Windows 10 workstation.
Log in with the user’s correct or newly reset password.
Confirm the user successfully signs in and the desktop loads normally.
Step 4: Document for Ticket Notes
Ticket ID: #2025-1116-001
User: Naruto Employee
Issue: User account locked out; unable to log into workstation
Steps Taken:
1. User reported account lockout after multiple failed login attempts.
2. Opened Active Directory Users and Computers on the Domain Controller.
3. Navigated to the Organizational Unit, HR, and right clicked on Naruto → Account tab → clicked “Unlock Account.”
4. User successfully logged in and verified access to required applications.
Result: Ticket Resolved
