Unlock accounts in Azure Active Directory Domain Services

  • Question

  • I've just set up Azure Active Directory Domain Services and noticed that accounts get locked out after 5 failed attempts even though the default domain group policy lockout threshold is set to 0.  I'm also not able to unlock user accounts when logged in as a member of the AAD DC Administrators group.

    Is there a way to modify the lockout threshold and to unlock accounts?

    Tuesday, May 22, 2018 4:06 PM

All replies

  • Currently, this is not possible. The policy is set to a default value. If you try 5 attempts within 2 min, the account will be locked for 30 min. It will be unlocked after the duration.

    • Proposed as answer by vijisankar Tuesday, May 22, 2018 6:29 PM
    • Edited by vijisankar Tuesday, May 22, 2018 7:44 PM corrected the info
    Tuesday, May 22, 2018 6:29 PM
  • Where on the road map is this feature that every version of Windows for 20 years has supported?

    Pretty much the most basic setting in an auto-locking password system is for the Admin to be able to reset it as users have work to get done, not "wait" on the system.


    Monday, August 13, 2018 7:04 PM
  • Azure AD Domain Services does not "maintain" the Smart Lockout Policy from Azure AD for Cloud Users (or) the Lockout Policy set for On-Premise sync'd users. 
    In case of cloud users, Azure AD as of today does not have the functionality for the Admins to "unlock" the user accounts. Ref: Azure Active Directory smart lockout (Read IMPORTANT note mentioned in the document).
    In case of sync'd users from On-Premise AD, suggest the Local Enterprise Admin to check the Lockout Policy set on the on-premise server.  
    Also, refer to this FAQ - Does Azure AD Domain Services provide AD account lockout protection?


    • Proposed as answer by vijisankar Tuesday, August 14, 2018 1:23 PM
    Tuesday, August 14, 2018 1:23 PM
  • Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same. And if you have any further query, do let us know.
    Saturday, August 18, 2018 5:04 AM
  • Wow, what a miss by Microsoft. So we have staff that lock their account and can't log into VM servers using Azure Domain Services and there is no way for us Administrators to unlock their account!!! We have tried applying a new GPO but Azure AD doesn't allow this. We tried resetting the password in Azure AD (Office365) but although the password change works, the account stays locked out for 30 mins. When is this getting fixed?

    Thursday, October 11, 2018 10:17 PM
  • Did you find an answer to this by mistake by Microsoft? Driving us crazy, as when an account locks out users are stuffed for 1/2 hour.
    Thursday, October 11, 2018 10:18 PM
  • Members of AAD DC Administrators group need to be able to unlock user accounts.

    When will this be fixed!

    Thursday, October 11, 2018 10:20 PM
  • Why does it lock the account in the first place?

    I’ve tried to log in to the server, got a "password is expired" message.

    Was not able to update the password while logging in to the server...?

    Is this a bug or a feature?

    Logged in to portal.azure.com, updated the password.

    I assume, immediately after updating the password the account should be unlocked, right?

    Was not able to log in to the server 1 min later - got error "account is locked".

    Waited 1/2 hour - same error still.

    Waited 1 hour - same error still.

    What is the right way to unlock the account?

    Friday, November 2, 2018 6:33 PM
  • Hi all!

    We're experiencing the same problem in our organization. Configuration is: on-premise domain structure without Exchange server, Azure AD Connect is installed on the domain controller, pass-through and SSO. After changing passwords our users are having random blocking when trying to connect to Outlook 365. On my DC I don't see blocking, it's on the cloud structure.

    Thursday, November 8, 2018 11:47 AM
  • Experienced this too. Now I know. We really need to have the option to unlock.
    Thursday, February 28, 2019 5:41 AM