?
Solved

Can I lockout multiple accounts in AD at the same time?

Posted on 2007-11-18
5
Medium Priority
?
239 Views
Last Modified: 2010-03-17
Due to a recent security review I need to lockout (not disable) about 150 accounts in AD. The only way I can see to do that is to manually attempt an incorrect password 4 or 5 times for each account. There must be an easier way?
0
Comment
Question by:peterfa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 500 total points
ID: 20309598
You cant "lock out an account" without the password attempts - that i am aware of anyway

why not just grab all the accounts, and expire them....you can bulk change that attributee easily enough
0
 

Author Comment

by:peterfa
ID: 20309620
that sounds promising.....do you know if email still works on an expired account? For example if after expiring it someone sends an email to that person will it still send an email back to the sender saying they are on maternity leave or whatever?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20309647
that i couldnt tell you to be honest....i beleive it disables the account taking a closer look...if you need an account enabled for mail but not being able to do anything else do what i do

New OU named restricted users
move all acounts into it
Grab all the accounts, and under the account tab - logon to - specify a computer that doesnt exist
You can also apply a policy which annihilates them doing anything at all
and mail still works :)
0
 

Author Comment

by:peterfa
ID: 20309665
I just tested it and mail works fine on an expired account, that looks the best solution  - thanks for your help
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20309676
excellent, thanks for clarifying as i didnt know that either :)

Cheers mate
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month14 days, 18 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question