Solved

how to check the account lockout counter?

Posted on 2016-10-09
6
89 Views
Last Modified: 2016-10-14
how to check the account lockout counter?
what is the path in the windows 2003, 2008 servers?
0
Comment
Question by:satheesh kumar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 15

Accepted Solution

by:
cwstad2 earned 500 total points
ID: 41835915
Hi see the following path in the gpo editor for both server 2003/2008

In Group Policy Object Links, click Default Domain Policy or create and name your Group Policy object, and then click Edit.

Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 41835941
Hi Author,

Do you want to set? or check?

The counter is based on an Attribute badpwdcount.
0
 
LVL 6

Expert Comment

by:Leon Teale
ID: 41836199
Use powershell, Get-ADDefaultDomainPasswordPolicy,

----------


In addition to the standard Lightweight Directory Access Protocol (LDAP) attributes, you can retrieve the following extended properties of the Get-ADDefaultDomainPasswordPolicy cmdlet by using the -Properties parameter:

    ComplexityEnabled

    LockoutDuration

    LockoutObservationWindow

    LockoutThreshold

    MaxPasswordAge

    MinPasswordAge

    MinPasswordLength

    PasswordHistoryCount

    ReversibleEncryptionEnabled

For a full explanation of the parameters that you can pass to Get-ADDefaultDomainPasswordPolicy, at the Active Directory module command prompt, type Get-Help Get-ADDefaultDomainPasswordPolicy –detailed, and then press ENTER.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 41

Expert Comment

by:Adam Brown
ID: 41836332
The lockout timer determined by subtracting the lockout-time attribute that is written to the AD account at the time the user is locked out from the current time and comparing it with the lockout windows policy setting. If the result is less than the policy, the account remains locked out. Otherwise, the account is unlocked at login. The actual timer is not stored anywhere. It's just a value determined at login.
0
 
LVL 13

Expert Comment

by:Ajit (Kevin k)
ID: 41841878
Please refer to below links might helps you to get in more detailed:

https://technet.microsoft.com/en-us/library/cc775412(v=ws.10).aspx

https://technet.microsoft.com/en-us/library/hh994568(v=ws.11).aspx

Hope this helps!
0
 

Author Closing Comment

by:satheesh kumar
ID: 41844145
Nice solution
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question