search
Twitter Rss Feeds
MicrosoftArticlesForumsGroups
C# .NET
VB.NET
Visual Studio .NET
ADO.NET
Xml/Xslt
VB 6.0
.NET CF
GDI+
LINQ
Deployment
Security
FoxPro
Silverlight / WPF
Entity Framework
RIA Services

Web ProgrammingArticlesForumsGroups
JavaScript
ASP
ASP.NET
Web Services

Non-MicrosoftArticlesForumsGroups
NHibernate
Perl
PHP
Ruby
Java
Linux / Unix
Apple
Open Source

DatabasesArticlesForumsGroups
SQL Server
Access
Oracle
MySQL
Other Databases

OfficeArticlesForumsGroups
Microsoft Excel
Microsoft Word
Microsoft Powerpoint
Publisher
Money

Operating SystemsArticlesForumsGroups
Windows 7
Windows Server
Windows Vista
Windows XP
Windows Update
MAC
Linux / UNIX

Server PlatformsArticlesForumsGroups
Share Point
BizTalk
Site Server
Exhange Server
IIS
Transaction Server

Graphic DesignArticlesForumsGroups
Macromedia Flash
Adobe PhotoShop
Microsoft Expression

OtherArticlesForumsGroups
Subversion / CVS
Ask Dr. Dotnetsky
Active Directory
Networking
Uninstall Virus
Job Openings
Reviews
Search Engines
Resumes

 

Previous Thread:   Using Windows 2003 server in Windows 2000 domain.

11/28/2005 7:45:28 PM    Reset badPwdCount in ADAM
The badPwdCount attribute keeps a running total of the number of bad  
  
password attempts for a user account in ADAM.  The value of the  
  
attribute changes as shown below:  
  
- Start = 0  
  
- First wrong password attempt = 1  
  
- Second wrong attempt = 2  
  
- Correct password = 2  
  
- Correct password = 2  
  
.....  
  
- Correct password = 2  
  
- Third wrong attempt = 1  
  
As you can see, the value is not reset when the correct password is  
  
provided.  It is only reset when the next bad password is entered.  
  
i.e. once the value has been set it will never return to 0.  
  
This behaviour is impacted by the account policy setting "Reset account  
  
lockout after".  If this value is 1 hour, any bad password attempts  
  
within a 1 hour interval will be cumulative, even if one or more valid  
  
passwords are provided during that time.  For example, if the following  
  
attempts were all provided inside a 1 hour period:  
  
- Start = 0  
  
- First wrong attempt = 1  
  
- Second wrong attempt = 2  
  
- Correct password = 2  
  
- Correct password = 2  
  
.....  
  
- Correct password = 2  
  
- Third wrong attempt = 3  
  
This behaviour is creating issues in our environment (we have an  
  
account lockout policy of 6 wrong passwords and a reset account lockout  
  
period of 5 hours).  As an example: a user enters the wrong password  
  
too many times and locks out their account.  They call the help desk to  
  
have the password reset, but if they get their new password wrong just  
  
once more in the next 5 hours their user account will once again be  
  
locked.  Can this behaviour be changed somehow?  Once a user account is  
  
unlocked by an administrator (by resetting the password) i want the  
  
badPwdCount attribute to be effectively set to 0 so that the user has  
  
another 6 wrong password attempts up their sleeve before once again  
  
locking out their account.  
  
Any ideas would be really appreciated.  
  
Thanks, Hinch.

11/28/2005 10:12:24 PM    Re: Reset badPwdCount in ADAM
I have solved this issue.  
  
Resetting the password will set the value of the lockoutTime attribute  
  
to 0, but as described aboce, badPwdCount remains unchanged.  But if i  
  
then explicitly set the lockoutTime attribute to 0 the badPwdCount  
  
attribute will be set to 0.  
  
This definitely is strange.


Pete's Blog   |    Pete's Resume   |    Robbe's Blog   |    Robbe's Resume   |    Archive #2   |    Archive #3   |    Dotnetslackers   |    XmlPitStop   |    Advertise   |   Contact Us   |   Privacy   |   Copyright (c) 2000 - 2009 eggheadcafe.com  All rights reserved.