Forum Discussion
Local PC Experiencing Random Issues with AD/AAD Account
I'm unsure if this is the right place, but I might as well ask. I have little to lose at this point. Searching online hasn't been helpful for me or my colleagues. Our company operates with a hybrid AD/AAD setup along with Office 365, where we enforce MFA through Authenticator for logging into Microsoft apps (excluding the PC itself). Lately, we've been encountering random credential issues with users, often occurring after an AD password change, although not consistently. It's hard to explain, so let me describe the symptoms.
The Start menu shows a prompt to verify the account information.
Outlook disconnects and shows 'Need Password' at the bottom.
Trying to 'verify' from the OS account settings app, or clicking 'need password' triggers the Authenticator prompt briefly in Windows, displaying the three loading dots, then disappearing without showing a code for the user to enter.
The only way we've found to address this is by deleting the Outlook profile from Control Panel > Mail settings, which forces the creation of a new profile. This resolves both of the issues above, and upon opening Outlook again, everything, including the Authenticator prompt, functions correctly.
While logging in at office.com works seamlessly (including Authenticator), it doesn't extend the authentication to the OS or Office. Restarting the device doesn't help. This problem affects both Windows 10 and Windows 11 machines.
Initially, we focused on troubleshooting with Office until noting the Windows account sync issue, hinting that the problem could be related to a setting in our Admin Center.
For fellow admins, have you faced similar challenges in your environments? Any thoughts on this?
Note: Revoking MFA sessions within Azure hasn't resolved the issue either.
- Drizzybro1 (Brass Contributor)
Check Network Connectivity
Ensure that the PC has a stable internet connection (for AAD) or is connected to the corporate network (for AD).
Try accessing other network resources to confirm connectivity.
Verify Account Status
Check if the user's AAD/AD account is active and not locked out or disabled.
Verify that the account has not reached its password expiration limit.
Sign-in Issues
If encountering sign-in issues, attempt to reset the password through the appropriate method (e.g., self-service password reset).
Examine the event logs (Event Viewer -> Windows Logs -> Application and System) for any error messages related to sign-in attempts.
- Aaronwom (Copper Contributor)
If users are frequently changing passwords, there may be a lag in synchronization between on-premises AD and AAD. This could lead to temporary mismatches causing the symptoms you've described.