Last post Apr 13, 2011 10:06 AM by gww
Feb 07, 2007 10:23 AM|DavidStein
From the MS How-To http://msdn.microsoft.com/en-us/library/ms998360.aspx, I know that when the membership provider locks an account, it's not actually locked out with AD. Without using the membership provider's UnlockUser() method, how do I unlock an account?
My ultimate goal is to use the membership provider in my web app to authenticate against AD. I don't want my web app to be able to unlock users, or allow them to change passwords. I'd like to control the lockout parameters (i.e. 5 invalid pwd attempts within 10 mins). In the event of a lockout, I'd like the account to automatically unlock after a specified period of time (i.e. 30 minutes). From what I understand, the numbers I just used as examples are the defaults, however ...
My web.config file looks like this:
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=18.104.22.168, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
And I have an account that is locked (I entered 5 incorrect passwords within 10 minutes). The account is still locked after 2 days.
My question is, how will this account ever be unlocked? And why wasn't it automatically unlocked after 30 mins?
Thanks in advance for any information.
Apr 12, 2011 06:40 PM|present
I have a similar question. The ActiveDirectoryMembershipProvider locked the user in AD after several login failures, which should not happen based on that article.
Do I need to do something on the Windows 2003 AD side?
Thanks in advance!
Apr 13, 2011 10:06 AM|gww
For both questions you will need to configure Active Directory with an account unlock policy on the domain. Something your network admin should be able to set up.
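
An added example, not part of the thread: a PowerShell check of the domain lockout policy against the numbers from the first question (5 attempts, 10 minutes, 30 minutes), flagging the setting under which a locked account never unlocks by itself. It assumes the RSAT ActiveDirectory module is available and can reach the domain; `Test-LockoutPolicy` is a hypothetical helper name.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and read access to the domain policy.
function Test-LockoutPolicy {
    param(
        [Parameter(Mandatory)] $Policy,      # object exposing the three Lockout* properties
        [int]      $Threshold = 5,           # invalid attempts (value from the question)
        [timespan] $Window    = '00:10:00',  # observation window (value from the question)
        [timespan] $Duration  = '00:30:00'   # auto-unlock delay (value from the question)
    )
    $findings = @()

    if ($Policy.LockoutThreshold -eq 0) {
        # With a threshold of 0 the domain never locks accounts, so the other values are moot.
        $findings += 'LockoutThreshold is 0: the domain does not lock accounts.'
        return $findings
    }
    if ($Policy.LockoutThreshold -ne $Threshold) {
        $findings += "LockoutThreshold is $($Policy.LockoutThreshold), expected $Threshold."
    }
    if ($Policy.LockoutObservationWindow -ne $Window) {
        $findings += "LockoutObservationWindow is $($Policy.LockoutObservationWindow), expected $Window."
    }
    if ($Policy.LockoutDuration -eq [timespan]::Zero) {
        # A duration of 0 means "until an administrator unlocks the account".
        $findings += 'LockoutDuration is 0: locked accounts stay locked until an administrator unlocks them.'
    } elseif ($Policy.LockoutDuration -ne $Duration) {
        $findings += "LockoutDuration is $($Policy.LockoutDuration), expected $Duration."
    }
    if (-not $findings) { $findings += 'Lockout policy matches the expected values.' }
    return $findings
}

Import-Module ActiveDirectory

# Read the policy that applies domain-wide and report deviations.
Test-LockoutPolicy -Policy (Get-ADDefaultDomainPasswordPolicy)

# List user accounts that are locked right now.
Search-ADAccount -LockedOut -UsersOnly |
    Select-Object SamAccountName, LockedOut, LastLogonDate

# To apply the values from the question (run by a domain administrator):
# Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).DNSRoot `
#     -LockoutThreshold 5 -LockoutObservationWindow 00:10:00 -LockoutDuration 00:30:00
```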