pramod1
asked on
active directory federation server, auth failures
Below are the settings on our ADFS version 3.0:
This is 2 consecutive bad passwords then Office 365 will soft lock the account and not send authentication requests to our internal AD.
Set-AdfsProperties -EnableExtranetLockout $true -ExtranetLockoutThreshold 2 -ExtranetObservationWindow (new-timespan -Minutes 60)
It is strongly recommended that the ExtranetLockoutThreshold parameter be set to a value that is less than the AD account lockout threshold. Failing to do so would result in AD FS being unable to protect accounts from being locked out in Active Directory, which is set up in our environment.
We don't have an ADFS proxy set up,
but we are seeing a lot of ADFS auth failures for 2 user accounts.
Do the above settings only work if auth failures come from O365?
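The relationship the question describes (extranet threshold lower than the AD lockout threshold) can be checked on the AD FS server with the following added example, which is not part of the original post. The function name and the account names `user1` and `user2` are placeholders, and it assumes the ADFS and ActiveDirectory PowerShell modules are installed.

```powershell
# Added example, not from the thread. Run on the AD FS server.
Import-Module ADFS, ActiveDirectory

function Test-ExtranetLockoutConfig {
    # Identity: optional accounts to check for a fine-grained password policy (placeholders).
    param([string[]]$Identity = @())

    $adfs   = Get-AdfsProperties
    $domain = Get-ADDefaultDomainPasswordPolicy

    # Collect every AD lockout threshold that can apply: the default domain
    # policy, plus any fine-grained policy (PSO) resulting for the named users.
    $targets = @([pscustomobject]@{ Scope = 'Default domain policy'; Threshold = $domain.LockoutThreshold })
    foreach ($id in $Identity) {
        $pso = Get-ADUserResultantPasswordPolicy -Identity $id   # $null when no PSO applies
        if ($pso) {
            $targets += [pscustomobject]@{ Scope = "PSO for $id"; Threshold = $pso.LockoutThreshold }
        }
    }

    foreach ($t in $targets) {
        # An AD threshold of 0 means AD never locks the account out.
        $below = $adfs.ExtranetLockoutEnabled -and
                 ($t.Threshold -eq 0 -or $adfs.ExtranetLockoutThreshold -lt $t.Threshold)
        [pscustomobject]@{
            Scope                     = $t.Scope
            ExtranetLockoutEnabled    = $adfs.ExtranetLockoutEnabled
            ExtranetLockoutThreshold  = $adfs.ExtranetLockoutThreshold
            ExtranetObservationWindow = $adfs.ExtranetObservationWindow
            ADLockoutThreshold        = $t.Threshold
            ExtranetBelowAD           = [bool]$below
        }
    }
}

Test-ExtranetLockoutConfig -Identity 'user1', 'user2' | Format-Table -AutoSize
```

The output reports configuration only; it does not show whether a given authentication request was treated as an extranet request.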
ASKER
It is locking them
ASKER
My question was: if the setting in ADFS is set to soft lock after 2 attempts, how is the user account getting locked out 5 times in AD?
As I said, this (according to Microsoft) normally only works when you have an ADFS Proxy. Extranet means it was received via a Proxy. So, it may not even be taking effect. If you have ADFS working in production, you really should have a proxy server unless all users, all the time, are internal. In which case, the Extranet settings would never take effect.
ASKER
My question is what is going on now with no proxy in place?
ASKER
What has not been taking place?
ASKER
So you mean extranet lockout is not working on the ADFS server even if it is set to true?
When you say the failures come, is it soft locking the users? Locking their accounts?