asked on

Active Directory Account Lockout

We recently invoked a new password policy for our 2003 active directory domain. One of the users keeps getting locked out since the password policy was put in place. I checked to make sure there were no services using this account to start up and there are none. I have since deactivated the password policy. When I go to change the users password back to the old one I'm still getting a message saying that the password doesn't meet the complexity set in the policy. I've double checked the GPM and everything for the policy is turned off. Any ideas?

Christopher Martinez

Well for the constant lockouts i would check the users cached password directory (control panel < User Accounts < Advanced < Manage Passwords) And clear anything in there. if the user cached a old password and changed it its possible the auto logins will lock out the user.

HiS_SlyneSS

In your password complexity policy, make sure you select "disable" not just untick "Define this Policy"

Sly

jfields71

Double-check the settings:
http://www.petri.co.il/disable_password_requirement_in_win2003_domain.htm

Also, you can use Microsoft's tools to discover what is locking the account:
http://technet.microsoft.com/en-us/library/cc738772.aspx

ChiefIT

I agree with Bahpoopie:

Roachy1979

Did the user get the same password as before? It could be a service on the users machine or something else on the network that uses that users credentials...

The account lockout tools jfields71 mentioned are very useful for diagnosing the problem...

http://technet.microsoft.com/en-us/library/cc738772.aspx

ASKER CERTIFIED SOLUTION

taltomare

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial