7,023 questions
In short, this attribute can be only set as 0 to unlock.
Active Directory - not able to update lockouttime attribute.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 96%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
ReddyKiran AV
1
Reputation point
While Updating lockouttime attribute(as a large integer) for an user in active directory, getting below error.
Operation failed. Error code : 0x57
The parameter is incorrect
00000057: SysErr: DSID-031A12C8, problem 22(Invalid argument), data 0.
any help is appreciated.
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other
20,218 questions
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2022-12-19T06:45:48.82+00:00 Hello ReddyKiranAV-9668,
Hope the information provided by the two responders are helpful.
If you have any question or concern, please keep me posted on this issue. I appreciate your time and efforts.
Best Regards,
Daisy Zhou============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Sign in to comment
4 answers
Sort by: Most helpful
-
-
ReddyKiran AV 1 Reputation point
2022-12-15T07:10:58.967+00:00 Thanks @Aung Zaw Min Thwin for your answer.
https://learn.microsoft.com/en-us/windows/win32/adschema/a-lockouttime
Above documentation says it has a update privilege with domain administrator. if it can be updated to only to 0, then is there any other attribute which i can use to lock an account manually.-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 62%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAZ%3C/text%3E%3C/svg%3E)
Aung Zaw Min Thwin 306 Reputation points2022-12-15T08:41:46.597+00:00 Instead of locking an account manually, you may consider disabling the account temporarily or reset the password to something else.
There are other attributes related to LockoutTime attribute.
e.g.
a-msds-user-account-control-computed
a-msds-lockoutobservationwindow
a-useraccountcontrolIn ADLDS/ADAM,
a-ms-ds-useraccountautolocked -
Aung Zaw Min Thwin 306 Reputation points
2022-12-15T10:08:55.69+00:00 Here is a link that mentioned only system can lock the account.
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Limitless Technology 44,766 Reputation points2022-12-15T13:27:34.383+00:00 Hello there,
You can't set this attribute to an arbitrary value in AD. This is a
Microsoft imposed limitation.To unlock the account, set this attribute to "0"
To lock the account simulate bad logins until you have reached the defined account lockout threshold
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer--
-
Gary Reynolds 9,621 Reputation points2022-12-21T00:43:18.537+00:00 Hi,
As mentioned above it's not possible to set the lockout time attribute to a specific value, by setting the value to 0 (zero) the time is cleared. Another option to try, which is available on other system based attributes, by setting the value to -1, it will set the current time and date. I don't have a system to test it but it's worth a try.
Gary.
-
ReddyKiran AV 1 Reputation point
2022-12-28T07:28:10.143+00:00 Tried setting to -1 , same error. its accepting only 0 as said in above comments
-Kiran
Sign in to comment -