This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Lockouttime
Lockouttime

Version management

Difference between version and

At line 1 added 43 lines
!!! AD lockoutTime
[{$pagename}] [Microsoft Active Directory] [attribute] specifies the date and time (in UTC) that this account was locked out for [Intruder Detection]
This value is stored as [LargeInteger] [LDAPSyntaxes]
A value of zero means that the account is __NOT__ currently locked out.
[{$pagename}] can only triggered by the system itself.\\
(please don't mix this up with the normal [disable/enable|Administratively Disabled] operation for user accounts. You can search in the directory for locked accounts.)
The only values that may be set on this is to set the value to "0" which will effectively un-lock the account.
{{{
cn: Lockout-Time
ldapDisplayName: lockoutTime
attributeId: 1.2.840.113556.1.4.662
attributeSyntax: 2.5.5.16
omSyntax: 65
isSingleValued: TRUE
schemaIdGuid: 28630ebf-41d5-11d1-a9c1-0000f80367c1
systemOnly: FALSE
searchFlags: 0
systemFlags: FLAG_SCHEMA_BASE_OBJECT
}}}
! Warning
[{$pagename}] attribute is __only reset__ following a successful [authentication].
This implies that the lockoutTime attribute may be non-zero yet the account is __not__ locked out.
The only accurately method to determine if the account is locked out, is to add the [Lockout-Duration] to the [lockouttime] and compare the result to the current time. Be careful as depending on how you are reading the values you may need account for local time zones and daylight savings time.
!!Version-Specific Behavior:
* Implemented on Active Directory® Application Mode (ADAM)
* Windows Server® 2008 operating system
* Active Directory® Lightweight Directory Services (AD LDS)for Windows® Vista
* Windows Server® 2008 R2 operating system
* Active Directory® Lightweight Directory Services (AD LDS) for Windows® 7
![Active Directory Account Lockout]
Describes details on [Active Directory Account Lockout].
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop