Solved

AD Account Lockout Time

Posted on 2014-10-16
Last Modified: 2014-11-17
Please see the two users’ sets of properties from our AD on mail.scyap.com. Look at the lockoutTime setting. On some users this is set to 0. If it is set to 0 it appears that it requires IT to manually unlock their account. This should not be the case. Our lockout policy is set to unlock their account after 20 minutes. I’m not sure why some say 0 and others say “not set”. How do we prevent this from happening? Also, the users with the 0 are seemingly sometimes just getting locked out for no reason and we have to manually unlock their accounts.

Thanks for any help.
ADLockout.docx
Question by:manndo
10 Comments
 
LVL 10

Assisted Solution

by:Senthil Kumar
Senthil Kumar earned 400 total points
ID: 40384933
Hi

Check your Group Policy for Account Lockout settings. Refer to the link below:

http://www.selfadsi.org/extended-ad/user-unlock.htm
0
 

Author Comment

by:manndo
ID: 40384948
I have checked the policy. Actually, we just implemented it. The policy is set and working for all the users that have the attribute set to <not set> in their individual user settings, but it does not work for those set to 0. On those, every time they type in wrong - even once, it locks them out and we have to manually unlock it. My problem is, I do not know why some users have the 0 and I do not know how to change it......or at least I think that is my problem. :)
0
 
LVL 10

Assisted Solution

by:Senthil Kumar
Senthil Kumar earned 400 total points
ID: 40384984
Hi
Maybe the group policy is not enforced on these workstations. Can you run gpupdate /force from the command line and check the lockout settings?
0

 
LVL 3

Assisted Solution

by:Glingo
Glingo earned 400 total points
ID: 40385138
Also, after running gpupdate /force you can run gpresult /r to check whether your GPO applied properly; if not, it will help you troubleshoot the issue.
0
 

Author Comment

by:manndo
ID: 40385258
It says it was not applied. Reason is "Filtering: Not applied <Empty>". Not sure what that means.
0
 
LVL 3

Assisted Solution

by:Glingo
Glingo earned 400 total points
ID: 40385511
Did you open CMD as administrator?

Are the clients all running the same OS?

Are the problematic users in the same OU as the others?
0
 
LVL 14

Assisted Solution

by:Natty Greg
Natty Greg earned 200 total points
ID: 40386004
Global group is different from OU policy, so if the computer and user are not in the OU, it will not work, but if the policy was set globally, everyone has to adhere to it.
0
 

Author Comment

by:manndo
ID: 40386393
I was logged in as administrator to the server. I opened a command prompt, but didn't specifically open the cmd prompt as administrator. All users are in the same OU, all computers are in groups within the OU, and all users are running Windows 7.
0
 

Accepted Solution

by:
manndo earned 0 total points
ID: 40386394
It is the Default global policy.
0
 

Author Closing Comment

by:manndo
ID: 40446833
Sorry, but none of the solutions worked for my issue. However, I did learn some things, so I am splitting the points.
0
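Added example (not part of the original thread): a small Python routine that interprets raw lockoutTime values against a lockout duration. The attribute is a FILETIME (100-nanosecond intervals since 1601-01-01 UTC), and a value of zero means the account is not currently locked out. The user names and raw values are constructed samples; the 20-minute duration is the one stated in the question.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME zero point

def filetime_to_datetime(raw):
    """Raw lockoutTime (100-ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=raw // 10)

def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed samples."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def lockout_state(raw, now, duration):
    """Classify one account from its raw lockoutTime value.

    raw      -- None when the attribute shows <not set>, otherwise an integer
    duration -- policy lockout duration; timedelta(0) means the account stays
                locked until an administrator unlocks it
    Returns (state, unlock_time or None).
    """
    if raw is None:
        return ("NOT_SET", None)        # attribute has never been written
    if raw == 0:
        return ("NOT_LOCKED", None)     # zero means not currently locked out
    locked_at = filetime_to_datetime(raw)
    if duration == timedelta(0):
        return ("LOCKED_UNTIL_ADMIN_UNLOCK", None)
    unlock_at = locked_at + duration
    # A non-zero value can remain stored after the lockout window has passed.
    return ("LOCKED" if now < unlock_at else "LOCKOUT_EXPIRED", unlock_at)

# Constructed sample data (hypothetical accounts, not taken from the thread).
NOW = datetime(2014, 10, 16, 15, 0, tzinfo=timezone.utc)
POLICY_DURATION = timedelta(minutes=20)   # duration stated in the question
SAMPLE_USERS = {
    "user_a": None,                                            # <not set>
    "user_b": 0,                                               # zero
    "user_c": datetime_to_filetime(NOW - timedelta(minutes=5)),
    "user_d": datetime_to_filetime(NOW - timedelta(hours=2)),
}

def report(users=SAMPLE_USERS, now=NOW, duration=POLICY_DURATION):
    """Map each account name to its (state, unlock_time) tuple."""
    return {name: lockout_state(raw, now, duration) for name, raw in users.items()}

if __name__ == "__main__":
    for name, (state, unlock_at) in report().items():
        print(f"{name}: {state}" + (f" (unlocks {unlock_at:%H:%M} UTC)" if unlock_at else ""))
```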
