ADFS 2016 error connecting to the account store

Skip Hofmann 341 Reputation points
2022-02-07T18:59:20.43+00:00

Hello all

Running ADFS 2016 in a two node farm. The database is WID. When i run the following command "Get-AdfsAccountActivity -UserPrincipalName jhofmann@mydomain.com" I am getting the below error.

Get-AdfsAccountActivity : PS0357: Error connecting to the Account Activity store. Either ExtranetLockoutMode is not set to ADFSSmartLockout or ExtranetLockout is not enabled.

When i look at the extrannetlockout properties i see the following. So it appears that extrannetlockout is enabled. Any help is greatly appreciated
PS C:\temp> Get-AdfsProperties |select extranet*

ExtranetLockoutThreshold : 3
ExtranetLockoutMode : ADPasswordCounter
ExtranetLockoutEnabled : True
ExtranetObservationWindow : 00:30:00
ExtranetLockoutRequirePDC : True

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,187 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,389 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
    2022-02-28T14:37:14.35+00:00

    Get-AdfsAccountActivity is intented to work when the ExtranetLockoutMode is set to ADFSSmartEnforce or ADFSSmartLockoutLogOnly.

    0 comments No comments