Account Locked message when trying to log in to Mac running Big Sur

Question

Level 1

9 points

Account Locked message when trying to log in to Mac running Big Sur

I have a mac that was bound to an Active Directory domain, prior to being upgraded to Big Sur. The end user of the machine upgraded to Big Sur without our knowledge. The end user is now getting a message when he logs into the Mac, off the corporate network "Your account is locked". If the computer is connected to the network, either physically or via VPN, the account logs in with no problem. Initially, the computer had fallen off the AD Domain, but after being re-bound to the domain this is what we're seeing. Is there any way to fix this issue? I have tried resetting the PRAM, and the SMC, re-binding to the domain, resetting the password using the Directory Editor, and attempted to reset the password through the the ResetPassword command in the Recovery Console, all to no avail.

MacBook Pro with Touch Bar

Posted on Jan 20, 2021 12:45 PM

Reply

Answer 1

Scott Dye

Level 2

185 points

Jan 27, 2021 4:06 PM in response to Ashersleap

We are having a similar issue with our laptops bound to Active Directory. Some laptops were already home, and were updated to Big Sur remotely, while others were updated at the office and then delivered. The ones already at home have had no issues, but ones that went home have not been able to login.

Of note, it only gives the "Your account is locked" message when you put in the CORRECT password. We have confirmed that the ones affected are not showing as locked in AD. This even occurs when the laptop is not connected to a network at all, which should be using the cached credentials. We can log into a local admin account, and make some changes in system preferences that do require that users password that is said as locked, but not at the login screen.

Reply

Answer 2

Ashersleap Author

Level 1

9 points

Jan 27, 2021 4:25 PM in response to Scott Dye

Scott, I have a little more information that might prove useful to you. I still don't know or understand why this happened but I have been able to fix the issue on the affected machine. I installed NoMAD on the machine, and it was able to get the password updated and clear the lock on the account. After installing NoMAD, it automatically pulled the AD information from the configuration in Directory Utility, and once done, I was able to sync the password. I left NoMAD installed (it's open source software) and we were able to sign the user into the computer both on and off the network, so it's all working fine now. You might want to try that as well. As we see more of these, I will update the thread to see if the solution still holds true. Good luck with yours!

Reply

Answer 3

Scott Dye

Level 2

185 points

Jan 27, 2021 7:41 PM in response to Ashersleap

OK, thanks for letting me know! I am going to try this. How were you able to install and set it up, if not able to log in?

I have figured out a way to login, by connecting through the local admin account, setting up VPN on that account (so it is connected to the office network), and then switch to the affected user account - that will let me log in at that point.

I was able to get NoMad installed on that user account (but not the NoMad Login, correct?). It saw the AD domain automatically, and tells me the expiration date, but what do I do to sync the password or clear the lock? Would I need to change the password from NoMad? I have not tried that yet. I did try renew ticket, but it did not do anything I could tell. I also checked the "use keychain" preference. I tried then to restart but got the same "Your Account is locked"

Do I just need to change to a new password within NoMad, or am I missing something else?

Reply

Account Locked message when trying to log in to Mac running Big Sur

Similar questions