+ Post New Thread
Results 1 to 10 of 10
Windows Server 2008 R2 Thread, Auto-Unlock Active Directory Accounts in Technical; Good Afternoon, I am after a way (scheduled script?) to auto unlock users accounts. We are getting numerous students coming ...
  1. #1

    Join Date
    Jan 2013
    Posts
    7
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Auto-Unlock Active Directory Accounts

    Good Afternoon,

    I am after a way (scheduled script?) to auto unlock users accounts. We are getting numerous students coming to us saying they can't log in, and all that's the problem is their account needs unlocking. They seem to get locked out when they switch between machines.

    Is there a script or any way of automating the searching for and unlocking of these locked accounts?

    Regards,

    Net-Eng

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,956
    Thank Post
    886
    Thanked 1,700 Times in 1,477 Posts
    Blog Entries
    12
    Rep Power
    448
    There is a group policy to automatically unlock the accounts after x amount of time?

  3. #3

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    394
    Yep, check under Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Account Lockout Policy. I believe you need to change this on the GPO that applies to your domain controllers.

    Is there any pattern to the affected users? The only time we've had this, it was due to students intentionally locking out each others' accounts by entering the wrong password repeatedly.

  4. #4

    Join Date
    Jan 2013
    Posts
    7
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks to both responses. I have updated the GP and will see how it goes.

    The client machines are Mac's and we believe it is happening when they switch between machines, but there is no pattern to this. Sometimes it happens, sometimes it doesn't.

  5. #5

    Join Date
    Jan 2013
    Posts
    7
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    After a week of having this policy in place, we are still getting users who are locked out and remaining locked out until we unlock them in AD. The GP settings we have are:
    Account lockout duration: 1 minute
    Account lockout threshold: 30 invalid logon attempts
    Reset account lockout counter after: 1 minute

    Is there anything else I can set, or does anyone have previous experience of this problem and an alternative solution to it?

    Net-Eng

  6. #6
    Tsonga's Avatar
    Join Date
    Oct 2012
    Location
    Dorset
    Posts
    155
    Thank Post
    9
    Thanked 19 Times in 16 Posts
    Rep Power
    7
    Are they switching from Mac to Mac? Or mac to PC?

  7. #7

    Join Date
    Jan 2013
    Posts
    7
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    They are switching Mac to Mac - sometimes iMac to iMac, sometimes iMac to MacBook and vice versa.

  8. #8
    Tsonga's Avatar
    Join Date
    Oct 2012
    Location
    Dorset
    Posts
    155
    Thank Post
    9
    Thanked 19 Times in 16 Posts
    Rep Power
    7
    IS their keychain being mapped to a network drive?

  9. #9

    Join Date
    Jan 2013
    Posts
    7
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    No not as far as I'm aware.
    Last edited by Net-Eng; 18th January 2013 at 03:58 PM.

  10. #10
    Lftek55's Avatar
    Join Date
    Mar 2012
    Location
    Norfolk
    Posts
    32
    Thank Post
    2
    Thanked 4 Times in 4 Posts
    Rep Power
    5
    Have they got a phone with the wrong password set on it? It might be trying to connect to the system.

SHARE:
+ Post New Thread

Similar Threads

  1. Active Directory account rename
    By cpjitservices in forum Windows Server 2008 R2
    Replies: 3
    Last Post: 12th December 2011, 11:08 AM
  2. Best Practices: LDAP/Active Directory and Account Provisioning
    By cgabbadon in forum How do you do....it?
    Replies: 5
    Last Post: 16th December 2010, 10:48 AM
  3. Sincronize Active Directory Accounts
    By flaviorodrigues in forum How do you do....it?
    Replies: 9
    Last Post: 16th August 2010, 01:49 PM
  4. Replies: 4
    Last Post: 14th July 2010, 03:16 PM
  5. Find the location of a user account in Active Directory
    By FN-GM in forum Wiki Announcements
    Replies: 0
    Last Post: 26th March 2008, 11:58 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •