Re: Ad2003 - locked-out accounts are not unlocking automatically
- From: "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx>
- Date: Tue, 8 Apr 2008 10:15:43 -0400
Why is the check greyed? Are you not an admin?
What is the scope of the problem exactly? Is it everyone gets the same
results or just a few users?
What do you see in the event logs of the domain controllers (seems like
something you should have checked by now, but want to be sure we're covering
the bases)?
What I think you want to look for the most is that the policy is being
applied to the domain controllers as expected and without issue.
"Radovan Vojtek" <RadovanVojtek@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F458C02E-42C4-4785-BD61-D8B9308B5E03@xxxxxxxxxxxxxxxx
Hi all,
I've set my domain as follows:
Account lockout duration: 60 minutes
Account lockout threshold: 10 invalid logon attempts
Reset account lockout counter after: 60 minutes
However, accounts that got locked-out are not automatically unlocked after
60min. In ADUC the checkob for unlock user is greyed but I can list tha
account with the following LDAP query:
(&(&(&(&(objectCategory=person)(objectClass=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295)))))
The only way to unlock that account is user the VBS script with this
command:
objUser.IsAccountLocked = FALSE
Is there any way to find out what's wrong with the domain?
Thanks,
--
R.V.
.
- References:
- Ad2003 - locked-out accounts are not unlocking automatically
- From: Radovan Vojtek
- Ad2003 - locked-out accounts are not unlocking automatically
- Prev by Date: RE: Domain Trusts
- Next by Date: DNS and AD
- Previous by thread: Ad2003 - locked-out accounts are not unlocking automatically
- Next by thread: Re: Ad2003 - locked-out accounts are not unlocking automatically
- Index(es):
Relevant Pages
|
