Solved

AD Account Lockout Time

Posted on 2014-10-16
10
262 Views
Last Modified: 2014-11-17
Please see the two user’s sets of properties from our AD on mail.scyap.com. Look at the lockoutTime setting. On some user’s this is set to 0. If it is set to 0 it appears that it requires IT to manually unlock their account. This should not be the case. Our lockout policy is set to unlock their account after 20 minutes. I’m not sure why some say 0 and others say “not set”. How do we prevent this from happening? Also, the users with the 0 are seemingly sometimes just getting locked out for no reason and we have to manually unlock their accounts.

Thanks for any help.
ADLockout.docx
0
Comment
Question by:manndo
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 10

Assisted Solution

by:Senthil Kumar
Senthil Kumar earned 200 total points
ID: 40384933
Hi

Check your Group Policy for Account Lockout settings. Refer below link

http://www.selfadsi.org/extended-ad/user-unlock.htm
0
 

Author Comment

by:manndo
ID: 40384948
I have checked the policy. Actually, we just implemented it. The policy is set and working for all the users that have the attribute set to <not set> in their individual user settings, but it does not work for those set to 0. On those, every time they type in wrong - even once, it locks them out and we have to manually unlock it. My problem is, I do not know why some users have the 0 and I do not know how to change it......or at least I think that is my problem. :)
0
 
LVL 10

Assisted Solution

by:Senthil Kumar
Senthil Kumar earned 200 total points
ID: 40384984
Hi
May be the group policy is not enforced in these workstations. Can you run gpupdate /force from command line and check the lockout settings?
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 
LVL 3

Assisted Solution

by:Glingo
Glingo earned 200 total points
ID: 40385138
Also after running  the gpupdate /force you can run a gpresult /r to check if your GPO applied properly and if not it will help you to troubleshot the issue
0
 

Author Comment

by:manndo
ID: 40385258
It says it was not applied. Reason is "Filtering: Not applied <Empty>". Not sure what that means.
0
 
LVL 3

Assisted Solution

by:Glingo
Glingo earned 200 total points
ID: 40385511
Did you open CMD as administrator?

Are the clients all running the same OS?

Are the problematic users in the same OU as the others?
0
 
LVL 12

Assisted Solution

by:Natty Greg
Natty Greg earned 100 total points
ID: 40386004
global group is different from OU policy, so if the computer and user not in the OU, it will not work, but if the policy was set globally, everyone has to adhere to it.
0
 

Author Comment

by:manndo
ID: 40386393
I was logged in as administrator to server.  I opened command prompt,  but didn't specifically open cmd prompt as administrator,  all users are in same ou,  all computers are in groups within the ou,  all users are running Windows  7.
0
 

Accepted Solution

by:
manndo earned 0 total points
ID: 40386394
It is the Default global policy.
0
 

Author Closing Comment

by:manndo
ID: 40446833
Sorry, but none of the solutions worked for my issue. However, I did learn some things, so I am splitting the points.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
In-place Upgrading Dirsync to Azure AD Connect
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question