Long time lurker, first time poster
I've recently begun moving my Mac community over to AD so that we may enforce our company's password policy. I have no problems binding or anything like that. What is happening is that at seemingly random times for no reason at all, their AD accounts become locked out, and they are then unable to log into their Mac or Exchange via Entourage, etc.
I can find no pattern to the lockouts. Even if their Mac turns itself off overnight, when they return in the morning, their AD account is locked out. This all happens at random times. Some people report that when it happens during the day, it's at or close to the exact same time, but there is no reason I can find for this on the network.
Our AD password policy states that three incorrect logins locks the account, and they are set to force password changes every 90 days.
I should add that all login credentials are 100% correct every time, so there are no incorrect password attempts or anything like that. Accounts become locked without even having recently typed in credentials. This happens only to Mac users whose computers have been moved to AD. Other Mac users (those who have not had computers set for AD) do not have this happen. Before the move to AD, a Mac user's account in AD is set to never have password expire. Once we move to AD, we set the password policy at that time on the account. A new test account was created from scratch with the password policy implemented immediately, and has exhibited no such account lockout.
We are running Tiger 10.4.3, bound to AD, forced home folders on local machines but do have network homes via AFP on an Xserve RAID mount on desktop, Entourage 2004 v11.2.1. We're on Exchange 2003, but our AD is only on Win2k servers.
I'm at the end of the rope here... I called Microsoft (and have since paid $245 for a thusfar useless support call) to see if maybe I could get some Entourage/AD assistance, and the first guy said "What's Active Directory?" and the second guy said "What's Entourage?" Thanks, Microsoft.
Does anyone have any ideas? Many thanks in advance!
Jason