Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

how to check the account lockout counter?

Posted on 2016-10-09
6
Medium Priority
?
118 Views
Last Modified: 2016-10-14
how to check the account lockout counter?
what is the path in the windows 2003, 2008 servers?
0
Comment
Question by:satheesh kumar
6 Comments
 
LVL 15

Accepted Solution

by:
cwstad2 earned 2000 total points
ID: 41835915
Hi see the following path in the gpo editor for both server 2003/2008

In Group Policy Object Links, click Default Domain Policy or create and name your Group Policy object, and then click Edit.

Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 41835941
Hi Author,

Do you want to set? or check?

The counter is based on an Attribute badpwdcount.
0
 
LVL 6

Expert Comment

by:Leon Teale
ID: 41836199
Use powershell, Get-ADDefaultDomainPasswordPolicy,

----------


In addition to the standard Lightweight Directory Access Protocol (LDAP) attributes, you can retrieve the following extended properties of the Get-ADDefaultDomainPasswordPolicy cmdlet by using the -Properties parameter:

    ComplexityEnabled

    LockoutDuration

    LockoutObservationWindow

    LockoutThreshold

    MaxPasswordAge

    MinPasswordAge

    MinPasswordLength

    PasswordHistoryCount

    ReversibleEncryptionEnabled

For a full explanation of the parameters that you can pass to Get-ADDefaultDomainPasswordPolicy, at the Active Directory module command prompt, type Get-Help Get-ADDefaultDomainPasswordPolicy –detailed, and then press ENTER.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 43

Expert Comment

by:Adam Brown
ID: 41836332
The lockout timer determined by subtracting the lockout-time attribute that is written to the AD account at the time the user is locked out from the current time and comparing it with the lockout windows policy setting. If the result is less than the policy, the account remains locked out. Otherwise, the account is unlocked at login. The actual timer is not stored anywhere. It's just a value determined at login.
0
 
LVL 16

Expert Comment

by:Ajit Singh
ID: 41841878
Please refer to below links might helps you to get in more detailed:

https://technet.microsoft.com/en-us/library/cc775412(v=ws.10).aspx

https://technet.microsoft.com/en-us/library/hh994568(v=ws.11).aspx

Hope this helps!
0
 

Author Closing Comment

by:satheesh kumar
ID: 41844145
Nice solution
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question