Overview[1] #

PwdAccountLockedTime attribute holds the time that the user's account was locked.

A locked account means that the password may no longer be used to authenticate.

PwdAccountLockedTime is used to indicate the account is Administratively Disabled.

A 000001010000Z value means that the account has been locked permanently, and that only a password administrator can unlock the account.

Attribute Definition#

The PwdAccountLockedTime AttributeTypes is defined as:

• OID of 1.3.6.1.4.1.42.2.27.8.1.17
• NAME: PwdAccountLockedTime
• DESC: 'The time an user account was locked'
• EQUALITY: GeneralizedTimeMatch
• ORDERING: GeneralizedTimeOrderingMatch
• SYNTAX: 1.3.6.1.4.1.1466.115.121.1.24
• SINGLE-VALUE
• NO-USER-MODIFICATION
• USAGE DirectoryOperation

EDirectory#

For EDirectory, the LoginIntruderResetTime and PwdAccountLockedTime will typically have the same values.

PwdAccountLockedTime is cleared upon a successful login following an Intruder Detection.

More Information #

There might be more information for this subject on one of the following:

• 1.3.6.1.4.1.42.2.27.8.1.17
• 2.16.840.1.113719.1.1.6.1.33
• 2.16.840.1.113719.1.39.43.6.4
• Administratively Disabled
• Draft-behera-ldap-password-policy
• Locked Account Check
• Locked By Intruder
• NdsLoginProperties
• NspmPasswordAux
• Password Policy State Information
• SCIM Password Management Extension

---

• [#1] - Draft-behera-ldap-password-policy