An incorrect change to system configuration can accidentally disable a user in Active Directory. If a user can’t log into IT systems with Windows authentication, one of the reasons behind could be an accidentally performed change to system configuration. Open Event viewer and search Security log for event ID’s 4725 (User Account Management task category).Open ADSI Edit → Connect to Default naming context → Right-click DomainDNS object with the name of your domain → Properties → Security (Tab) → Advanced (Button) → Auditing (Tab) → Add Principal 'Everyone' → Type 'Success' → Applies to 'This object and Descendant objects' → Permissions → Select all check boxes except the following:.
