Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Account Lockout in AD (Server 2008)

Status
Not open for further replies.
wlfpackr

wlfpackr

IS-IT--Management
May 3, 2003
161
0
0
US
I have a question about the account lockout attribute in AD. We have a current process in place that disables users when they take a leave of absense. I'm being asked to change the process to "lockout" the user versus "disabling" the user b/c it's causing some other areas some headaches. So far, I don't see a way to do it outside of sitting down and learning some C# and I'm not really sure if that code was legit.

Outside of sending incorrect password attempts, is there a way to programmatically force a lockout on a user account? I tried setting UAC to 528, but that didn't work. Perhaps the easier question to answer is if we can force the lockout, is the account just going to be automatically unlocked based on the 30min Account Lockout Duration that's set by our group policy?

=================
There are 10 kinds of people in this world, those that understand binary and those that do not.
 
Sort by date Sort by votes
If the account is locked out, the lockout duration timer will unlock them. You really do want to disable the accounts if that is what you are trying to do. What are the specific problems that other areas have with the account being disabled?
 
Upvote 0 Downvote
The claim is when the account is disabled in AD, their systems drop access. Then when the person comes back, they have to rebuild access from scratch. I'm bound by HR policy though (and I control AD [smile]) so they may just be out of luck.

=================
There are 10 kinds of people in this world, those that understand binary and those that do not.
 
Upvote 0 Downvote
The whole point of disabling or locking out the account is for their account not to have access. If there is account sharing or something else going on, it should be addressed by other means.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
225
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
245
suncit
suncit
MaioMaio
  • Question
Server Remote Desktop License
Replies
0
Views
181
MaioMaio
MaioMaio
ravalos
  • Question
Problem with PDFs in IIS
Replies
1
Views
390
gbaughma
gbaughma
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
191
antonio_dsanchez
antonio_dsanchez

Part and Inventory Search

Sponsor

Back
Top