How it works...
Active Directory comes with a built-in password policy. This is the password policy that is automatically set at the Active Directory domain level. This default policy does not enable account lock-out.
The password policy applies when the password is changed and when it is set by an admin. Account lockout policies observe bad password attempts. When a bad password is typed, it is added to the bad password count. When this count reaches the limit within the time specified as the observation period, the account is locked for the duration of the time-out period. Accounts can be locked indefinitely. In this case, accounts need to be unlocked by a person using their admin account or otherwise privileged account.
Admins can configure ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access