Re: Account Lockout Threshold change - Not taking effect



"sekhar" <sekhar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:EE341FDE-2DEC-474D-8178-6C6FA2F21C20@xxxxxxxxxxxxxxxx

Hi Sekhar,

Maybe I may not be understanding what you are saying. Are you saying the GPO with the 5 attempts setting is not linked at the domain level, but rather it is linked on an OU somewhere, such as where the Users OU is?

If it is on an OU, the password setting does not work. It only works if linked at the domain level, nowhere else. If it is 2008, there is a provision to make it work, but not with 2003 or older.

Ace





Hi Ace,

The other policy is linked at the domain level. It is at the lower OU level.
I even changed the settings to 5 attempts. But still it locks at 3 attempts.
Not sure from where it pulls the count of 3.

"Ace Fekay [MCT]" wrote:

"sekhar" <sekhar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3688E5DD-FC3A-46BF-928C-B1498ED8978E@xxxxxxxxxxxxxxxx
> Hi,
>
> Yes, we tested. The account gets locked at 3 attempts, and not 5. The
> correct default domain policy is getting applied, and it shows 5 attempts.
> But still no luck....


Have you tried unlinking the additional GPO you've created at the Domain
level, and making sure the Default Domain Policy is set to 5 attempts, and
try again? If that works, that tells you it is pulling it from the default
domain. If you want to create an additional GPO with password control, you
will have to remove the settings in the Default Domain Policy and not change
the order of the GPOs at the domain level, since we would want the default
GPO to run first.

If that doesn't work, then there is something else going on, such as
possible AD-client communications issues. I am assuming that none of the
machines (DC and clients) are using an external DNS server (such as the
ISP), and the DC is not multihomed (more than one NIC and/or IP address).

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
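
Added example, not part of the original thread: a read-only PowerShell check that shows which lockout threshold the domain enforces and which domain-linked GPO defines it, as a way to carry out the comparison discussed above. It assumes the RSAT ActiveDirectory and GroupPolicy modules (Windows Server 2008 R2 or later management tools); the account name `jdoe` is a hypothetical placeholder.

```powershell
# Added diagnostic example; read-only. Assumes the RSAT ActiveDirectory and
# GroupPolicy modules, run from a domain-joined machine with read access.
Import-Module ActiveDirectory, GroupPolicy

$testUser = 'jdoe'   # hypothetical account name; replace with an affected user
$domain   = Get-ADDomain

# 1. The threshold the domain actually enforces for domain accounts.
$effective = Get-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot
'Domain lockout threshold in effect: {0}' -f $effective.LockoutThreshold

# 2. Every GPO linked at the domain root and the threshold it defines, if any.
#    Order 1 has the highest precedence among the domain-level links.
$xpath = "//*[local-name()='Account'][*[local-name()='Name']='LockoutBadCount']" +
         "/*[local-name()='SettingNumber']"
$links = (Get-GPInheritance -Target $domain.DistinguishedName).GpoLinks
foreach ($link in ($links | Sort-Object Order)) {
    [xml]$report = Get-GPOReport -Guid $link.GpoId -ReportType Xml
    $node = $report.SelectSingleNode($xpath)
    [pscustomobject]@{
        Order            = $link.Order
        Gpo              = $link.DisplayName
        LinkEnabled      = $link.Enabled
        Enforced         = $link.Enforced
        LockoutThreshold = if ($node) { $node.InnerText } else { '(not defined)' }
    }
}

# 3. Windows Server 2008 and later only: fine-grained password policies can
#    override the domain value for specific users or groups.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Select-Object Name, Precedence, LockoutThreshold, AppliesTo

$pso = Get-ADUserResultantPasswordPolicy -Identity $testUser
if ($pso) {
    'Fine-grained policy "{0}" applies to {1}: threshold {2}' -f `
        $pso.Name, $testUser, $pso.LockoutThreshold
} else {
    'No fine-grained policy applies to {0}; the domain value is used.' -f $testUser
}
```

If step 1 reports 3 while the Default Domain Policy row in step 2 shows 5, look for another domain-level link with a lower Order number or an Enforced flag that also defines the threshold.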




