Account Lockout Problems

[Guest]

Hi There!

The following Account Lockout Policies have been defined in our Windows 2000
Active Directory Domain (through Default Domain Policy):

Account lockout duration: 15 minutes
Account lockout threshold: 5 invalid logon attempts
Reset account lockout counter after: 15 minutes

Therefore, based on the above policy settings, any user is getting locked
out after 5 invalid password attempts. But based on the policy definition the
account has to be auto unlocked after 15 minutes, but it is not happening.
Does anyone has any idea as to why this could be happening and how to resolve
this?

Regards

Arif

 

[Tim Macaulay[MSFT]]

Hello,

If you are seeing the account as Locked inside of Active Directory after
the Reset Account Lockout Counter time has passed, then have the user
login. The user should be able to login, which will force the UI in AD to
update. This is by design!

Cheers,
Tim Macaulay, MCSD, MCSD.NET, MCAD, MCP
Microsoft Developer Support ADSI
This posting is "AS IS" with no warranties, and confers no rights.

http://mact312.sts.winisp.net/programming/default.aspx

ADSI Start Page:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/a
ctive_directory_service_interfaces_adsi.asp

System.DirectoryServices Portal
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dsportal/ds
portal/directory_services_portal.asp