Solved

Can I lockout multiple accounts in AD at the same time?

Posted on 2007-11-18
5
233 Views
Last Modified: 2010-03-17
Due to a recent security review I need to lockout (not disable) about 150 accounts in AD. The only way I can see to do that is to manually attempt an incorrect password 4 or 5 times for each account. There must be an easier way?
0
Comment
Question by:peterfa
  • 3
  • 2
5 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 125 total points
ID: 20309598
You cant "lock out an account" without the password attempts - that i am aware of anyway

why not just grab all the accounts, and expire them....you can bulk change that attributee easily enough
0
 

Author Comment

by:peterfa
ID: 20309620
that sounds promising.....do you know if email still works on an expired account? For example if after expiring it someone sends an email to that person will it still send an email back to the sender saying they are on maternity leave or whatever?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20309647
that i couldnt tell you to be honest....i beleive it disables the account taking a closer look...if you need an account enabled for mail but not being able to do anything else do what i do

New OU named restricted users
move all acounts into it
Grab all the accounts, and under the account tab - logon to - specify a computer that doesnt exist
You can also apply a policy which annihilates them doing anything at all
and mail still works :)
0
 

Author Comment

by:peterfa
ID: 20309665
I just tested it and mail works fine on an expired account, that looks the best solution  - thanks for your help
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20309676
excellent, thanks for clarifying as i didnt know that either :)

Cheers mate
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

There are two modes of restricted groups GPOs. Replacing mode:   Additive mode:   How do they work? Replacing mode: Everything (users, groups, computers) that is member of the local administrators group will be cleared out. After th…
Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now