Solved

Can I lockout multiple accounts in AD at the same time?

Posted on 2007-11-18
5
237 Views
Last Modified: 2010-03-17
Due to a recent security review I need to lockout (not disable) about 150 accounts in AD. The only way I can see to do that is to manually attempt an incorrect password 4 or 5 times for each account. There must be an easier way?
0
Comment
Question by:peterfa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 125 total points
ID: 20309598
You cant "lock out an account" without the password attempts - that i am aware of anyway

why not just grab all the accounts, and expire them....you can bulk change that attributee easily enough
0
 

Author Comment

by:peterfa
ID: 20309620
that sounds promising.....do you know if email still works on an expired account? For example if after expiring it someone sends an email to that person will it still send an email back to the sender saying they are on maternity leave or whatever?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20309647
that i couldnt tell you to be honest....i beleive it disables the account taking a closer look...if you need an account enabled for mail but not being able to do anything else do what i do

New OU named restricted users
move all acounts into it
Grab all the accounts, and under the account tab - logon to - specify a computer that doesnt exist
You can also apply a policy which annihilates them doing anything at all
and mail still works :)
0
 

Author Comment

by:peterfa
ID: 20309665
I just tested it and mail works fine on an expired account, that looks the best solution  - thanks for your help
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20309676
excellent, thanks for clarifying as i didnt know that either :)

Cheers mate
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question