How the BadPwdCount attribute works in Windows 2000 and in Windows Server 2003 (900215)
The information in this article applies to:
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
INTRODUCTIONThis articles discusses how the bad password count attribute ( BadPwdCount) works in Microsoft Windows 2000 and in Microsoft Windows Server 2003. When you submit incorrect credentials to the Active Directory
directory service, the value of the BadPwdCount attribute of that user object increases.
This attribute is used to determine whether a user account will be locked out
based on the password lockout policy. In Windows 2000 and
in Windows Server 2003, the value of the BadPwdCount attribute should increase one time when the following conditions are true:
- You use either the user principal name (UPN) or the
Security Accounts Manager (SAM) account name (sAMAccountName) to log on to a
computer.
- You use the "Domain\UserId" format
and Active Directory Service
Interfaces (ADSI) functions to
bind your incorrect credentials to Active Directory.
For example, you use the IADsOpenDsObject::OpenDsObject method or the ADsOpenObject function.
In Windows 2000, the BadPwdCount attribute increases two times when the following conditions are true: - You use either the UPN or the sAMAccountName to log on to a computer.
- You use the UPN and ADSI functions to bind your incorrect credentials to Active Directory. For example, you use the IADsOpenDsObject::OpenDsObject method or the ADsOpenObject function.
However, in Windows Server 2003, the BadPwdCount attribute increases only one time when you use the UPN to bind your incorrect credentials to Active Directory.
| Modification Type: | Major | Last Reviewed: | 7/12/2005 |
|---|
| Keywords: | kbhowto kbinfo KB900215 kbAudDeveloper |
|---|
|