Solved

Accounts locking out After installing win2008 r2 DC's

Posted on 2011-09-14
9
452 Views
Last Modified: 2012-05-12
I manage a domain that is part of a forest. At the hub site, i removed the 2003 DC's and replaced them with 2008 R2 DC's. on the sites, 12 of them i still have 2003 DC'S running. Now I have an influx of account lockouts. How do i fix this? Can 2008 and 2003 work well together, Are the gpo's compatible.
ds001 is the is the pdc emulator and rid master, ds002 is the infrastructure master, bot are global catalogs.
0
Comment
Question by:Nsingh007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 
LVL 10

Accepted Solution

by:
SuperTaco earned 500 total points
ID: 36535829
sometime promoting a new DC will change the domain password policy.  It has mostly happened to me with SBS servers.  2003 and 2008 and 2008 R2 can all work together.  with no problems.  One thing that I have seen happen is the password policy changes,  (Get s more restrictive, whatever) and theri password expire because it no longer fits the security minimums.  their smart phones keep trying to log in to the domain to get email , and bingo, they are locked out.  
0
 

Author Comment

by:Nsingh007
ID: 36535955
All the accounts seem to be locking out on ds001, which was the last dc i added to the hub site
0
 

Author Comment

by:Nsingh007
ID: 36536194
i will change the password policy and see if this works
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 

Author Comment

by:Nsingh007
ID: 36537057
This is what it looks like now, when i installed 2008r2, the only difference was that the password length was 8, which i changed to six
Policy Setting
Enforce password history 14 passwords remembered
Maximum password age 60 days
Minimum password age 0 days
Minimum password length 6 characters
Password must meet complexity requirements Enabled
Store passwords using reversible encryption Disabled

Account Policies/Account Lockout Policyhide
Policy Setting
Account lockout duration 0 minutes
Account lockout threshold 3 invalid logon attempts
Reset account lockout counter after 1440 minutes

Account Policies/Kerberos Policyhide
Policy Setting
Enforce user logon restrictions Enabled
Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 10 hours
Maximum lifetime for user ticket renewal 7 days
Maximum tolerance for computer clock synchronization 5 minutes
0
 

Author Comment

by:Nsingh007
ID: 36538352
Still having account lockouts
0
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36538968
What other roles does ds001 have?  is it the ony Global Catalog?  you can try demoting it and re promoting it.  
0
 

Author Comment

by:Nsingh007
ID: 36539067
No, I have two global catalogs, ds002 is also a gc and infrastructure master
0
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36539078
Ok. Try unplugging ds001 drom the net work and see if thry stop
0
 

Author Closing Comment

by:Nsingh007
ID: 36541242
This solution worked perfectly, THANK YOU.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question