Forum Discussion
Admin account Lockout
Hi All - I have been asked to implement password chages ppoicy at a site we support. During this process I also setup account lockout policy after 5 invalid attempts The option Allow Administrator ...
Boot into Directory Services Restore Mode (DSRM):
- Restart the domain controller and boot into DSRM.
- During startup, press F8 to access advanced boot options, then select Directory Services Restore Mode.
- Log in using the DSRM password that was set when the domain was promoted.
2. Modify the Lockout Policy:
- After logging into DSRM:
- Open the Local Group Policy Editor by typing gpedit.msc.
- Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy
- Disable the Allow Administrator Account Lockout setting or adjust the lockout duration and threshold to prevent further issues.
Reset the Locked Administrator Account:
- Use the Active Directory Users and Computers (ADUC) snap-in:
- Unlock the account manually:
- Open ADUC.
- Locate the administrator account.
- Right-click the account and select Properties.
- Uncheck Account is locked out under the Account tab.
- Unlock the account manually:
- If ADUC is inaccessible, use Command Promp
net user administrator /active:yes
net user administrator * # Reset the password if necessary
. Restart Normally:
- Restart the domain controller in normal mode and log in with the administrator account.
Policy cannot be changed as showing locked. Please see attached screenshot.
