What are Account Lockouts?
Account lockouts happen when a user unsuccessfully attempts to log in 5 or more times consecutively.
When a user is locked out. the account lockout lasts for 21 minutes and prevents them from logging in or setting a new password.
The account lockout timer does not reset upon another unsuccessful log in attempt nor does the timer extend longer than 21 minutes. Meaning a lockout will always be 21 minutes.
Accounts can get locked out repeatedly if there are devices attempting to log into the system. This happens quite a bit to people that have their credentials saved when connecting to the Wi-Fi.
Automatically connecting to the university's Wi-Fi (SJSU_Premier and eduroam) is the biggest culprit of a lockout after a password change.
Related Tools
Tutorial
✅ Identify an Account Lockout | Using LDAP, look up the customer and find the lockoutTime variable There are 3 different states this variable has.  Unspecified: This means that the user has been locked out before but is currently not locked out of their account. Some specified time: This means that the user was locked out at that specific time and will automatically be unlocked 20 minutes from that time. The variable does not exist: This means the user is not locked out and has never been locked out.
A lot of the time people will try to change their password when they are locked out You want to check if their pwdLastSet time is within the lockoutTime variable. If it is, the user attempted to set a password during their lockout time and will need to set a new password when they are unlocked. This password they attempted to set during their lockout time cannot be used. |
🔧 Resolve a Lockout |