Printable View
On our Windows Server 2003 we have few applications installed and as per their demand we need to temporarily or may be permanently lock the AD accounts. Note we just need to lock AD and not disable them. So can anyone please tell me if it is possible? If yes, please let me know how.
Thanks for all your helps.
To me it sounds bit surprising because if you lock the AD Account, it will not allow any user to signing, right? I dont know what kind of application is demanding you to do so. I mean what is the use of server if users are not able to signin.
Good question Scarlet. Ok let me explain. Actually there are many users who left temporary and they want their office to be locked down but not disabled. So for security reason we need to do that. ANd if we do so they already appear in the Exchange 2007 GAL, right?
Hello Oscar. I think your problem belong's to exchange OAB and cached mode i think. Better post this to:
microsoft.public.exchange.clients
microsoft.public.exchange.admin
microsoft.public.exchange.misc
Check this article to modify the UserAccountControl flags:
http://support.microsoft.com/kb/305144
Best regards
Disabling one account is possible but not locking an account. In order to lock an account you will need to attempt wrong passwords to login with that particular account unless the threshold is hit that is configured in the password and account gets locked itself with policy settings
.