• Status: Solved

Accounts locking out after installing Win2008 R2 DCs

I manage a domain that is part of a forest. At the hub site, I removed the 2003 DCs and replaced them with 2008 R2 DCs. On the sites, 12 of them, I still have 2003 DCs running. Now I have an influx of account lockouts. How do I fix this? Can 2008 and 2003 work well together? Are the GPOs compatible?
ds001 is the PDC emulator and RID master, ds002 is the infrastructure master, both are global catalogs.
Asked by: Nsingh007
1 Solution
 
SuperTaco Commented:
Sometimes promoting a new DC will change the domain password policy. It has mostly happened to me with SBS servers. 2003 and 2008 and 2008 R2 can all work together with no problems. One thing that I have seen happen is the password policy changes (gets more restrictive, whatever) and their passwords expire because they no longer fit the security minimums. Their smartphones keep trying to log in to the domain to get email, and bingo, they are locked out.
 
Nsingh007 (Author) Commented:
All the accounts seem to be locking out on ds001, which was the last DC I added to the hub site.
 
Nsingh007 (Author) Commented:
I will change the password policy and see if this works.
 
Nsingh007 (Author) Commented:
This is what it looks like now. When I installed 2008 R2, the only difference was that the password length was 8, which I changed to six.
| Policy | Setting |
|---|---|
| Enforce password history | 14 passwords remembered |
| Maximum password age | 60 days |
| Minimum password age | 0 days |
| Minimum password length | 6 characters |
| Password must meet complexity requirements | Enabled |
| Store passwords using reversible encryption | Disabled |

Account Policies/Account Lockout Policy

| Policy | Setting |
|---|---|
| Account lockout duration | 0 minutes |
| Account lockout threshold | 3 invalid logon attempts |
| Reset account lockout counter after | 1440 minutes |

Account Policies/Kerberos Policy

| Policy | Setting |
|---|---|
| Enforce user logon restrictions | Enabled |
| Maximum lifetime for service ticket | 600 minutes |
| Maximum lifetime for user ticket | 10 hours |
| Maximum lifetime for user ticket renewal | 7 days |
| Maximum tolerance for computer clock synchronization | 5 minutes |
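An added example, not part of the thread: a simplified model of the lockout policy posted above (threshold 3, counter reset after 1440 minutes, duration 0), run over failed-logon records to show which accounts would lock and which device caused it. The account names, device names and timestamps are constructed, and the counter logic is an assumption that ignores details such as password-history exemptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Values taken from the lockout policy posted in the thread.
THRESHOLD = 3                            # invalid logon attempts
RESET_AFTER = timedelta(minutes=1440)    # reset account lockout counter after
# Lockout duration 0 means the account stays locked until an admin unlocks it.

# Constructed sample: (timestamp, account, source device) of failed logons.
SAMPLE_FAILURES = [
    ("2012-03-05 08:00", "jdoe", "PHONE-JDOE"),    # device retrying a stale password
    ("2012-03-05 14:00", "jdoe", "PHONE-JDOE"),
    ("2012-03-05 20:00", "jdoe", "PHONE-JDOE"),
    ("2012-03-05 09:00", "asmith", "WKS-114"),     # typos more than 24 hours apart
    ("2012-03-06 10:30", "asmith", "WKS-114"),
    ("2012-03-07 12:00", "asmith", "WKS-114"),
]

def find_lockouts(failures, threshold=THRESHOLD, reset_after=RESET_AFTER):
    """Return {account: (lockout_time, most_frequent_source)}."""
    state = {}    # account -> (bad count, time of last failure, sources seen)
    locked = {}
    for stamp, account, source in sorted(failures):
        if account in locked:
            continue  # duration 0: no automatic unlock, later failures are moot
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        count, last, sources = state.get(account, (0, None, Counter()))
        if last is not None and when - last > reset_after:
            count, sources = 0, Counter()  # window elapsed, counter resets
        count += 1
        sources[source] += 1
        state[account] = (count, when, sources)
        if count >= threshold:
            locked[account] = (when, sources.most_common(1)[0][0])
    return locked

if __name__ == "__main__":
    for account, (when, source) in find_lockouts(SAMPLE_FAILURES).items():
        print(f"{account} locked at {when} (main source: {source})")
```

With this policy a device that retries an old password only three times in a day is enough to lock the account until someone unlocks it manually, which is why the source device matters more than the DC that records the lockout.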
 
Nsingh007 (Author) Commented:
Still having account lockouts.
 
SuperTaco Commented:
What other roles does ds001 have? Is it the only Global Catalog? You can try demoting it and re-promoting it.
 
Nsingh007 (Author) Commented:
No, I have two global catalogs; ds002 is also a GC and infrastructure master.
 
SuperTaco Commented:
OK. Try unplugging ds001 from the network and see if they stop.
 
Nsingh007 (Author) Commented:
This solution worked perfectly, THANK YOU.