This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 94%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
In Test environment we applied Allow Administrator account lockout policy with Default Domain Policy. Through RDP we entered incorrect credential for default Domain Admin account and it gets locked. As per MS article still we should be able to login through console, but in test lab it fails and got message "Reference account is currently locked out and may not be logged on to". Can someone clarify this behavior
Later we found that this policy is affecting only built-in local admin on member servers and PCs. With built-in Domain Admin account the account is getting locked out and it won't allow console logon during locked out period.