Can I lockout multiple accounts in AD at the same time?

Due to a recent security review I need to lockout (not disable) about 150 accounts in AD. The only way I can see to do that is to manually attempt an incorrect password 4 or 5 times for each account. There must be an easier way?
peterfaAsked:
Who is Participating?
 
Jay_Jay70Connect With a Mentor Commented:
You cant "lock out an account" without the password attempts - that i am aware of anyway

why not just grab all the accounts, and expire them....you can bulk change that attributee easily enough
0
 
peterfaAuthor Commented:
that sounds promising.....do you know if email still works on an expired account? For example if after expiring it someone sends an email to that person will it still send an email back to the sender saying they are on maternity leave or whatever?
0
 
Jay_Jay70Commented:
that i couldnt tell you to be honest....i beleive it disables the account taking a closer look...if you need an account enabled for mail but not being able to do anything else do what i do

New OU named restricted users
move all acounts into it
Grab all the accounts, and under the account tab - logon to - specify a computer that doesnt exist
You can also apply a policy which annihilates them doing anything at all
and mail still works :)
0
 
peterfaAuthor Commented:
I just tested it and mail works fine on an expired account, that looks the best solution  - thanks for your help
0
 
Jay_Jay70Commented:
excellent, thanks for clarifying as i didnt know that either :)

Cheers mate
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.