What are the on-premises Active Directory account lockout settings?

The on-premises Microsoft Active Directory (AD) bad password lockout settings are 20 bad password attempts in 10 minutes will lockout an account for 10 minutes.

The on-premises Microsoft Active Directory Federation Service (AD FS) "soft lockout" is slightly more restrictive to avoid denial of service from brute force password checking against the SSO service. The soft lockout settings are 15 bad password attempts in 10 mintues will lockout an account for 10 minutes.

Note: The most common reason for an Active Directory account lockout is a remembered password in a wireless profile. If it is not updated on password change it can cause an account lockout.
100% helpful - 1 review

Details

Article ID: 1781
Created
Mon 12/21/20 5:54 PM