Solved

AD Account Lockout Time

Posted on 2014-10-16
10
242 Views
Last Modified: 2014-11-17
Please see the two user’s sets of properties from our AD on mail.scyap.com. Look at the lockoutTime setting. On some user’s this is set to 0. If it is set to 0 it appears that it requires IT to manually unlock their account. This should not be the case. Our lockout policy is set to unlock their account after 20 minutes. I’m not sure why some say 0 and others say “not set”. How do we prevent this from happening? Also, the users with the 0 are seemingly sometimes just getting locked out for no reason and we have to manually unlock their accounts.

Thanks for any help.
ADLockout.docx
0
Comment
Question by:manndo
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 10

Assisted Solution

by:Senthil Kumar
Senthil Kumar earned 200 total points
Comment Utility
Hi

Check your Group Policy for Account Lockout settings. Refer below link

http://www.selfadsi.org/extended-ad/user-unlock.htm
0
 

Author Comment

by:manndo
Comment Utility
I have checked the policy. Actually, we just implemented it. The policy is set and working for all the users that have the attribute set to <not set> in their individual user settings, but it does not work for those set to 0. On those, every time they type in wrong - even once, it locks them out and we have to manually unlock it. My problem is, I do not know why some users have the 0 and I do not know how to change it......or at least I think that is my problem. :)
0
 
LVL 10

Assisted Solution

by:Senthil Kumar
Senthil Kumar earned 200 total points
Comment Utility
Hi
May be the group policy is not enforced in these workstations. Can you run gpupdate /force from command line and check the lockout settings?
0
 
LVL 3

Assisted Solution

by:Glingo
Glingo earned 200 total points
Comment Utility
Also after running  the gpupdate /force you can run a gpresult /r to check if your GPO applied properly and if not it will help you to troubleshot the issue
0
 

Author Comment

by:manndo
Comment Utility
It says it was not applied. Reason is "Filtering: Not applied <Empty>". Not sure what that means.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 3

Assisted Solution

by:Glingo
Glingo earned 200 total points
Comment Utility
Did you open CMD as administrator?

Are the clients all running the same OS?

Are the problematic users in the same OU as the others?
0
 
LVL 9

Assisted Solution

by:nattygreg
nattygreg earned 100 total points
Comment Utility
global group is different from OU policy, so if the computer and user not in the OU, it will not work, but if the policy was set globally, everyone has to adhere to it.
0
 

Author Comment

by:manndo
Comment Utility
I was logged in as administrator to server.  I opened command prompt,  but didn't specifically open cmd prompt as administrator,  all users are in same ou,  all computers are in groups within the ou,  all users are running Windows  7.
0
 

Accepted Solution

by:
manndo earned 0 total points
Comment Utility
It is the Default global policy.
0
 

Author Closing Comment

by:manndo
Comment Utility
Sorry, but none of the solutions worked for my issue. However, I did learn some things, so I am splitting the points.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

this article is a guided solution for most of the common server issues in server hardware tasks we are facing in our routine job works. the topics in the following article covered are, 1) dell hardware raidlevel (Perc) 2) adding HDD 3) how t…
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now