AD Account Lockout Time

Please see the two user’s sets of properties from our AD on Look at the lockoutTime setting. On some user’s this is set to 0. If it is set to 0 it appears that it requires IT to manually unlock their account. This should not be the case. Our lockout policy is set to unlock their account after 20 minutes. I’m not sure why some say 0 and others say “not set”. How do we prevent this from happening? Also, the users with the 0 are seemingly sometimes just getting locked out for no reason and we have to manually unlock their accounts.

Thanks for any help.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Senthil KumarCommented:

Check your Group Policy for Account Lockout settings. Refer below link
manndoAuthor Commented:
I have checked the policy. Actually, we just implemented it. The policy is set and working for all the users that have the attribute set to <not set> in their individual user settings, but it does not work for those set to 0. On those, every time they type in wrong - even once, it locks them out and we have to manually unlock it. My problem is, I do not know why some users have the 0 and I do not know how to change it......or at least I think that is my problem. :)
Senthil KumarCommented:
May be the group policy is not enforced in these workstations. Can you run gpupdate /force from command line and check the lockout settings?
SolarWinds® IP Control Bundle (IPCB)

Combines SolarWinds IP Address Manager and User Device Tracker to help detect IP conflicts, quickly identify affected systems, and help your team take near instantaneous action. Help improve visibility and enhance reliability with SolarWinds IP Control Bundle.

GlingoSystem AdministratorCommented:
Also after running  the gpupdate /force you can run a gpresult /r to check if your GPO applied properly and if not it will help you to troubleshot the issue
manndoAuthor Commented:
It says it was not applied. Reason is "Filtering: Not applied <Empty>". Not sure what that means.
GlingoSystem AdministratorCommented:
Did you open CMD as administrator?

Are the clients all running the same OS?

Are the problematic users in the same OU as the others?
Natty GregIn Theory (IT)Commented:
global group is different from OU policy, so if the computer and user not in the OU, it will not work, but if the policy was set globally, everyone has to adhere to it.
manndoAuthor Commented:
I was logged in as administrator to server.  I opened command prompt,  but didn't specifically open cmd prompt as administrator,  all users are in same ou,  all computers are in groups within the ou,  all users are running Windows  7.
manndoAuthor Commented:
It is the Default global policy.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
manndoAuthor Commented:
Sorry, but none of the solutions worked for my issue. However, I did learn some things, so I am splitting the points.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Server Hardware

From novice to tech pro — start learning today.