How to lock user manually in AD
  • How to lock user manually in AD

    Can anyone tell me how I can lock a user in Active Directory manually? Is there any option or something?
    Waiting for your response.

    Balal Ahmad
    (balal604)

  • #2
    Re: How to lock user manually in AD

    What do you mean by 'Lock'? Do you not mean disable?

    If disable then you should be able to right click on the user's account and then select Disable.

    If this is not what you mean then please provide more info.

    Thanks

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: How to lock user manually in AD

      The only way to lock out an account is to get the password wrong 3 times. You are better off disabling it as Mike says; but if you really really MUST lock it out you can try to map a drive using the user ID and a wrong password 3 times; even better use a command script to do the same:

      @echo wrongpasswd|net use * \\server\share /u:username
      @echo wrongpasswd|net use * \\server\share /u:username
      @echo wrongpasswd|net use * \\server\share /u:username

      (I'm not certain that "piping" the password will work - if not you'll have to type a wrong password 3 times.)


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you


      • #4
        Re: How to lock user manually in AD

        Originally posted by bilal604
        Can anyone tell me how I can lock a user in Active Directory manually? Is there any option or something?
        Waiting for your response.

        Balal Ahmad
        (balal604)
        There's a way to do it.
        The AD attribute is "lockoutTime". Set it to the date/time that the account was locked out. I believe large int is a 64-bit value so you'll need to convert date/time to a 64-bit number.
        The account will remain locked until the LockoutTime + Lockout-Duration are >= current date/time.
        Originally posted by MSDN
        This value is stored as a large integer that represents the number of 100 nanosecond intervals since January 1, 1601 (UTC).
        You're better off disabling the account. I presented this because it's possible, not because it was easy.



        To disable from cmd line use dsmod.
        Last edited by ahinson; 16th June 2007, 06:02.
        Andrew

        ** Remember to give credit where credit is due and leave reputation points where appropriate **
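
The large-integer arithmetic behind lockoutTime from post #4, as an added example that is not part of the original thread: it converts the 100-nanosecond tick count to and from UTC timestamps and reads lock status from exported attribute values without modifying anything. It assumes the domain's lockoutDuration is stored as a negative tick count and that the minimum 64-bit value means "locked until an administrator unlocks"; the function names and sample records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000      # 100-nanosecond intervals per second
LOCKED_UNTIL_ADMIN = -(2 ** 63)    # assumed lockoutDuration value for "no automatic unlock"

def filetime_to_datetime(ticks):
    """Large integer (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def datetime_to_filetime(dt):
    """Aware datetime -> 100 ns ticks since 1601-01-01 UTC."""
    delta = dt.astimezone(timezone.utc) - EPOCH_1601
    seconds = delta.days * 86400 + delta.seconds
    return seconds * TICKS_PER_SECOND + delta.microseconds * 10

def lockout_status(lockout_time, lockout_duration, now):
    """Return (is_locked, unlock_at) for one account.

    lockout_time is the account's lockoutTime; lockout_duration is the
    domain-wide value (negative ticks). unlock_at is None when the account
    is not locked out or will not unlock automatically.
    """
    if lockout_time == 0:                      # 0 means not locked out
        return False, None
    if lockout_duration == LOCKED_UNTIL_ADMIN:
        return True, None
    # Subtracting the negative duration adds the lockout window.
    unlock_at = filetime_to_datetime(lockout_time - lockout_duration)
    return now < unlock_at, unlock_at

# Constructed sample data: (sAMAccountName, lockoutTime) as read from an export.
SAMPLE_ACCOUNTS = [
    ("alice", 0),
    ("bob", 133485408000000000),     # 2024-01-01 00:00:00 UTC
    ("carol", 133485372000000000),   # 2023-12-31 23:00:00 UTC
]
SAMPLE_DURATION = -18000000000       # 30 minutes, stored as negative ticks

def audit(accounts, duration, now):
    """Return the names of accounts still locked out at 'now'."""
    return [name for name, t in accounts if lockout_status(t, duration, now)[0]]

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 0, 10, tzinfo=timezone.utc)
    for name, t in SAMPLE_ACCOUNTS:
        print(name, lockout_status(t, SAMPLE_DURATION, now))
```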
