how to check the account lockout counter?

how to check the account lockout counter?
what is the path in the windows 2003, 2008 servers?
satheesh kumarAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
cwstad2Connect With a Mentor Commented:
Hi see the following path in the gpo editor for both server 2003/2008

In Group Policy Object Links, click Default Domain Policy or create and name your Group Policy object, and then click Edit.

Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy
0
 
Justin YeungSenior Systems EngineerCommented:
Hi Author,

Do you want to set? or check?

The counter is based on an Attribute badpwdcount.
0
 
Leon TealePenetration TesterCommented:
Use powershell, Get-ADDefaultDomainPasswordPolicy,

----------


In addition to the standard Lightweight Directory Access Protocol (LDAP) attributes, you can retrieve the following extended properties of the Get-ADDefaultDomainPasswordPolicy cmdlet by using the -Properties parameter:

    ComplexityEnabled

    LockoutDuration

    LockoutObservationWindow

    LockoutThreshold

    MaxPasswordAge

    MinPasswordAge

    MinPasswordLength

    PasswordHistoryCount

    ReversibleEncryptionEnabled

For a full explanation of the parameters that you can pass to Get-ADDefaultDomainPasswordPolicy, at the Active Directory module command prompt, type Get-Help Get-ADDefaultDomainPasswordPolicy –detailed, and then press ENTER.
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
Adam BrownSr Solutions ArchitectCommented:
The lockout timer determined by subtracting the lockout-time attribute that is written to the AD account at the time the user is locked out from the current time and comparing it with the lockout windows policy setting. If the result is less than the policy, the account remains locked out. Otherwise, the account is unlocked at login. The actual timer is not stored anywhere. It's just a value determined at login.
0
 
Ajit SinghCommented:
Please refer to below links might helps you to get in more detailed:

https://technet.microsoft.com/en-us/library/cc775412(v=ws.10).aspx

https://technet.microsoft.com/en-us/library/hh994568(v=ws.11).aspx

Hope this helps!
0
 
satheesh kumarAuthor Commented:
Nice solution
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.