ICloud/iTunes Account Locking out Active Directory Account [?]

The facts:
I have been having this problem for the past four+ months.
My work email address is my iTunes account name
My work AD account gets logged out most evenings, sometimes within an hour of leaving work, sometimes late at night
I know when my account is logged out because my iPhone will ask for my Exchange password, or I cannot get into Outlook Web Access
When my iTunes/iCloud account password is the same as my Active Directory password this does not happen. When this was the case earlier this year I went 90 days without a lockout. The day after my password expired and I changed my password - locked out again
Exchange recognizes two mobile devices, my iPad2 and my iPhone 4, as mobile ActiveSync clients
I have reset both of these devices, updated to the latest iOS and reinstalled and reconfigured my apps
This occurs even when neither of these devices has an active ActiveSync account set up to use my work Exchange server
The keyrings (Mac) and Credential Managers (PC) of all my home machines have been sanitized
Mail (Mac) and Outlook are not configured on my home machines, and they are not affiliated with the work domain in any way
From these facts it seems to me that the issue is:
There exists a machine attempting to reach my Exchange account using a password I have used in the past
If it is a computer that I have possession of, it must be an iDevice, because this behavior has still occurred when all others have been powered off
If it is an iDevice under my control then it is something in iCloud/iTunes, because it does not depend on having the Exchange account configured on either iDevice and those are the only applications with knowledge of my work email address
So,
If it is my iCloud/iTunes account then WHY in the name of all that is sacred is it hitting my work Exchange server and locking out my account?
I can think of no other -possible- devices or online services that have both that password, and knowledge of that email address. I remotely wiped an old phone that might have had the email account configured.
Help?

I would very much like to hear from someone at Apple regarding this as I'm having a very similar if not the exact same issue.

Similar Messages

Is it possible to move or merge my local user account with an Active Directory account?

10.7.2 update now allows me to authenticate against AD, and I have a shiny new account on my mac. Is there any way to merge my local and AD accounts? Or link my local account to my AD account? Can I change the home directory of the AD account to point to my local account folder?

Gary,
Performance would be absolutely horrible if you hung a USB drive off an AEBS and used that as your home directory, wirelessly. You're going to be getting no more than about 10 MB/sec, or roughly 1/5 the speed (in the IDEAL case -- practically it's worse than that) of your current setup.
If you want to access the same email from multiple Macs, you should consider using IMAP. .Mac can do this -- and you can have up to 4 GB on the server, if you pay for it. Default is up to 1 GB, if you shrink your iDisk space to nothing.
Another alternative if you want to share something centrally is to use OS X Server and Portable Home Directories. This is pretty complicated for the home user, though, and requires OS X Server (minimum $499), a machine to run it on, and some good knowledge of Open Directory and AFP services. It works quite well for corporate clients though.
Otherwise, synching stuff across multiple machines may work. But don't even think about moving your whole home directory to a central network mounted drive, especially something as slow as a USB drive on an AEBS over wireless.

Locked out of Apple account, Locked out of Apple account

After trying to make a purchase with my Apple ID I was prompted to answer two questions I have no idea the answer too after answering wrong I no longer had any attempts and now am unable to purchase or contact apple in any way to resolve the problem even after talking to an illiterate computer at 23p a minute via an 0844 number due to the page to be "called within minuets" not accepting 3 different phone numbers land line and mobile! Every web page I get too requires me to enter my password again and again I feel let down by apple so much right now.

You may have tried some of this...read all of it before responding... it sounds like you may have tried all of this, but if contacting Apple doesn't work, try an Apple store.
If you have a rescue email address (which is not the same thing as an alternate email address) set up on your account then you can try going to https://appleid.apple.com/ and click 'Manage your Apple ID' on the right-hand side of that page and log into your account. Then click on 'Password and Security' on the left-hand side of that page and on the right-hand side you might see an option to send security question reset info to your rescue email address.
If you don't have a rescue email address (you won't be able to add one until you can answer 2 of your questions) then see if this user tip helps : https://discussions.apple.com/docs/DOC-4551
e.g. you can try contacting iTunes Support : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Account Management , and then try Apple ID Account Security
or try ringing Apple in your country and ask to talk to the Accounts Security Team : http://support.apple.com/kb/HE57

Creating Active Directory Accounts for vSphere 5.1 Services

To set up the management pieces of vSphere, I need to have an account or accounts created in Active Directory. I need to determine how many to create and what permissions they need.
In Single Sign on Server, I need to choose an account that vCenter server will use when it connects to SSO. I can use the default admin@system-domain. Or I can add an account that is configured in Active Directory. Or, I can also use an active directory group instead of an individual user. What is the best way to do this and if I use an AD account, what permissions does it need at the domain level and at the local level on the Single Sign on Server? (I'm using multisite mode, so I can't use local accounts)
In SQL Server, I need to choose an account to use for the SQL server service. Should this account be an active directory account or a local user account? If so, what permissions should be assigned to the account in Active Directory and what permissions should be assigned to it on the local machine? What AD group, if any should it be a part of? What local permissions does it need?
In vCenter Server, I need to choose an account to run the "vCenter Server Service" in. Is it best to use the default "system" account or to use an account from Active Directory, or a local account?
I'm trying to get a big picture of an AD account/group strategy to use that covers the main management pieces of vSphere - vCenter Server, Single Sign on, Inventory Service, Web Client Services.
For example, create one group called "vSphere Services", then create separate accounts for each management piece, and assign them specific permissions on specific systems. Or create separate groups for each management piece and assign permissions to the groups. Is it better to consolidate some of these user names or split them out? Any experiences / suggestions welcome. Thanks.

Hello,
For general services I use a service specific account within AD. This was before SSO and I use the same after SSO. SSO is used by only two services that I know about at the moment (Inventory Service and perhaps vCloud). However, there are many other service accounts that should be created. You want one account per service and I use AD for this, this way I can create a service account group and give it the appropriate roles and privileges. FOr example I have service accounts for:
VMware View
XenDesktop
vCops
HPSIM
Solarwinds
VMTurbo
NetApp
etc.
One service, one service account, each with either a general role or custom role depending on access requirements to vCenter.
For SSO, I to am waiting on general information, but I set mine up fairly basically to cover only those resources that make use of SSO. Since the vast majority of items do not use SSO, the rule still applies. Once SSO is supported by more than one or two tools, you still need to maintain that separation.
So I say yes, tie SSO to AD and do everything in one place, unfortunately, that is not very clear, or at least was not to me and these SSO issues are either beng fixed, documented, or both.
Best regards,
Edward L. Haletky aka Texiwill

ActiveSync mail/contacts/calendars removed after Active Directory account is locked out?

Hey guys,
Wondering if anybody has seen an issue like this. This is a new Exchange 2010 deployment (8+ CAS servers) and the devices are all iPhones/iPads running the latest version of iOS (7.1.2). The CAS servers are behind a load-balancer.
Basically when a users' Active Directory account is Locked in AD (either manually or by entering the wrong password) their ActiveSync Contacts, Calendars and all Mail folders (except the Inbox strangely!) will be removed from the iOS device within a few hours. So an account might get locked out at say 6pm, if left locked out by the next morning the ActiveSync account will still be setup on the device as normal, but everything is gone except the mail in the Inbox. If a user has an iPad and iPhone both will be blanked.
The behaviour is similar to what is documented here - iOS: How to mitigate a full sync or reload of Exchange account data - however the Exchange servers are not issuing HTTP500 errors as we have captured logging during the window where the device blanks itself.
Any thoughts would be appreciated!
Thanks!

Hello,
which event ids are shown in the event viewer from the DCs? Or maybe locally also some errors are locked that give some more details.
If this happens it sounds personally for me that Java is the problem. Have you already opened a call at
https://community.oracle.com/welcome ?
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Account locked out events are not getting in active directory security event logs

Account locked out events are not getting in active directory security event logs for some users. I can see that the user is locked and when i tried to find out the event in sec log at DC but couldnt able to find. It is only happening for some users.
not for the all users.

In addition.
Check the ADDS Audit.
Active Directory Services Audit - Document references
Regards~Biswajit
Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights.
MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
MY BLOG
Domain Controllers inventory-Quest Powershell
Generate Report for Bulk Servers-LastBootUpTime,SerialNumber,InstallDate
Generate a Report for installed Hotfix for Bulk Servers

Mac user account locked out in Microsoft Active Directory

Hi,
I have some users who get their user account locked out several times a day.
It seems to be an issue with the keychain.
Our users need to change their password every 90 days domain GPO applied on every users.
Do you know how to fix this issue?
I have notice that most of the time this happens when the Mac wakes up from sleep mode while still connected to the network and when the users try to re login.
Thank you.

Hi Nicky
I had a very similar problem a while back. It turned out that I had another device trying to retrieve mail from the corporate account. in my case it was an iPod that was just sitting on charge for weeks at a time but was accessing the Exchange server with the wrong password, after having changed it due to the same password policy you use. Of course after a set number of tries, the AD locked the account.
I always remember to change my iPhone password now
Jerry

MacBook Pro Causing Account Lock-Out in Active Directory

Dear fellow forumers,
I'm having a MacBook Pro, running on Leopard. I'm running WinXP Pro on VM Fusion.I'm connecting my MacBook to a Local LAN enviroment in my company, but it is not bind to any AD.
But concurrently when i run WindowsXP Pro on VM Fusion, i actually join domain in the XP Pro.
If anyone can advise, what may be causing the frequent account lock-out whenever i run WindowXP on VM Fusion?

I'm having the same issue under Parallels. I connect to my corporate network using Cisco VPN. I have Entourage configured and Outlook configured in my VM. Cisco VPN is configured for both the Mac OS and for Windows XP within Parallels. I never run both simultaneously. If I connect to VPN within MacOS X, I can have both Entourage and Outlook open and the same time. I seem to notice more frequent lockouts when I do this. I have also tried running Entourage via OWS. This removes the need to use VPN on the Mac. However, I still get lockouts...just not as frequently. Any help greatly appreciated.

I've forgotten one of my answes to the "security questions" now I am locked out of my account. All I wanted to do was buy an album and now I am "locked out" how do I get Itunes to let me buy this album?

I am not a ferquent user of Apple aside to download music on to my Ipod touch and I am not overly pleased with it. All I wish to do is download and ablum and cannot remeber the answers to one of my security questions.*seeing as I rarely use it* now I am locked out of my account and all and all very annoyed. how do I become unlocked and change my security questions so that I may download this album and stop using Itunes all in all.

The Three Best Alternatives for Security Questions and Rescue Mail
    1. Use Apple's Express Lane.
          Go to https://expresslane.apple.com ; click 'See all products and services' at the
          bottom of the page. In the next page click 'More Products and Services, then
          'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Forgotten Apple
          ID security questions' and click 'Continue'. Please be patient waiting for the return
          phone call. It will come in time depending on how heavily the servers are being hit.
     2. Call Apple Support in your country: Customer Service: Contacting Apple for support or
          Apple ID- Contacting Apple for help with Apple ID account security. Ask to speak to
          Account Security.
     3. Rescue email address and how to reset Apple ID security questions.
How to Manage your Apple ID: Manage My Apple ID

Active Directory account lockout from OS X Server

I'm looking for assistance in tracking down why our 10.9 Mac server is constantly trying to use my Active Directory account. I changed my password a week ago and have been getting locked out constantly, and it appears the lockouts are coming from invalid password attempts from this OS X server. However, I don't know why the server would be using my AD credentials since I login to the Mac with an admin account and not my own. The only thing I can think of that may have used my AD credentials is connecting to a network file share at some point in the past, but I wouldn't have saved the credentials and it shouldn't be auto-mapping the share. The Mac itself is bound to Active Directory too.
I checked the Login Items and there is nothing there. I also reset the keychain to defaults and that didn't help. Does anyone else have any ideas for me to try to narrow down what the OS X server may be trying to use my credentials for?

So I'm going to guess I'm the only one that's ever had this issue...
Further digging with Wireshark shows that the OS X server is indeed issuing bind requests using my old AD account credentials multiple times per minute. I tried unbinding and rebinding, but that didn't help. The requests also start right away after a reboot, so whatever is using my credentials is doing so prior to any user logins on the server. Now I'm trying to track down what is actually issuing these requests on the server
In a span of a few seconds the machine issues three bind requests. The first is
bindRequest (1) "[email protected]" simple
Followed by
bindRequest (1) "<ROOT>" sasl
then
bindRequest (2) "<ROOT>" sasl
Anyone have an idea for me as to how to track down where my user account comes into play? It wasn't used to bind the machine to AD, I didn't see it anywhere in the keychain, and I only have a few apps running on the server, none of which use AD authentication or would request binding.

I am locked out of my account because my password includes "[" and my computer is set to spanish. In spanish that key doesn't work. How do I gejt back into my computer?

i am locked out of my account because my password includes "[" and my computer is set to spanish. In spanish that key doesn't work. How do I gejt back into my computer?

If the user account is associated with an Apple ID, and you know the Apple ID password, then maybe the Apple ID can be used to reset your user account password.
Otherwise*, boot into Recovery by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
When the OS X Utilities screen appears, select
Utilities ▹ Terminal
from the menu bar.
In the Terminal window, type this:
res
Press the tab key. The partial command you typed will automatically be completed to this:
resetpassword
Press return. A Reset Password window opens.
Select your boot volume if not already selected.
Select your username from the menu labeled Select the user account if not already selected.
Follow the prompts to reset the password. It's safest to choose a password that includes only the characters a-z, A-Z, and 0-9.
Select
 ▹ Restart
from the menu bar.
You should now be able to log in with the new password, but your Keychain will be reset (empty.) If you've forgotten the Keychain password (which is ordinarily the same as your login password), there's no way to recover it.
*Note: If you've activated FileVault, this procedure doesn't apply. Follow instead the instructions on this page:
If you forget the password and FileVault is on

Powershell Active Directory Account Expiration Script

I am putting together a script that creates a user account in AD, sets the password, adds groups, etc. The part I am having problems with is when the user selects the Contractor employee option and is prompted for the expiration date of the AD account.
The script will create the account, but the expiration date is not set in AD. Any suggestions?
Here's the code:
#Script to create Active Directory account
#Add the Active Directory Module if not already present
if (-not (Get-Module ActiveDirectory))
Import-Module ActiveDirectory -Force
Write-Host ""
Write-Host "======================================================" -ForegroundColor DarkYellow
Write-Host ""
Write-Host "Computer Access"
Write-Host "Create Active Directory User Script"
Write-Host "PowerShell 3.0"
Write-Host "Version: 1.2"
Write-Host "Date: 4/14/2014"
Write-Host "Author: "
Write-Host ""
Write-Host "Please review the created Active Directory Account" -ForegroundColor Red -BackgroundColor Yellow
Write-Host ""
Write-Host "Base Business Unit Group Memberships are added only" -ForegroundColor Red -BackgroundColor Yellow
Write-Host ""
Write-Host "======================================================" -ForegroundColor DarkYellow
Write-Host ""
Write-Host ""
Write-Host "======================================================" -ForegroundColor DarkYellow
Write-Host "Creating Active Directory Account" -ForegroundColor Yellow
Write-Host "======================================================" -ForegroundColor DarkYellow
Write-Host ""
#Specify the target OU for new users
$targetOU = "OU=Personnel,OU=ETA,DC=eta,DC=state,DC=tx"
#Find the current domain info
$domdns = (Get-ADDomain).dnsroot # for UPN generation
#Set Account Variables
#Set Username with Dialogue Box
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Font = New-Object System.Drawing.Font("Arial",10)
$objForm.Text = "Username"
$objForm.Size = New-Object System.Drawing.Size(300,200)
$objForm.StartPosition = "CenterScreen"
$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter")
    {$global:setusername=$objTextBox.Text;$objForm.Close()}})
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape")
    {$objForm.Close()}})
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75,120)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$global:setusername=$objTextBox.Text;$objForm.Close()})
$objForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150,120)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click(
{$Looping=$False
$objForm.Close()
[environment]::Exit(0)
$objForm.Controls.Add($CancelButton)
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(280,20)
$objLabel.Text = "Please enter the username for the account:"
$objForm.Controls.Add($objLabel)
$objTextBox = New-Object System.Windows.Forms.TextBox
$objTextBox.Location = New-Object System.Drawing.Size(10,40)
$objTextBox.Size = New-Object System.Drawing.Size(260,20)
$objForm.Controls.Add($objTextBox)
$objForm.Topmost = $True
$objForm.Add_Shown({$objForm.Activate(); $objTextBox.focus()})
[void] $objForm.ShowDialog()
#If OK then set variable and continue
$samname = ($setusername | Out-String)
$samname = ($setusername) + ("")
function validateUser
    param(
    [string]$username
    #if the username is passed without domain\
    if(($username.StartsWith("domain\")) -eq $false)
        $user = Get-ADUser -Filter { SamAccountName -eq $username }
        if (!$user)
            return $false
        else
            return $true
    elseif(($username.StartsWith("domain\")) -eq $true)
        $username = ($username.Split("\")[1])
        $user = Get-ADUser -Filter { SamAccountName -eq $username }
        if (!$user)
            return $false
        else
            return $true
$usercheck = validateUser -username $samname
if($userCheck -eq $true) {
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[Windows.Forms.MessageBox]::Show("Username already exists in AD please check and retry",`
"Username Check", [Windows.Forms.MessageBoxButtons]::OK, [Windows.Forms.MessageBoxIcon]::Stop)
[environment]::Exit(0)
else {} #Continue
Write-Host ""
Write-Host "USERNAME has been set to" $samname -ForegroundColor Yellow
#Set User Accounts First Name
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Font = New-Object System.Drawing.Font("Arial",10)
$objForm.Text = "First Name"
$objForm.Size = New-Object System.Drawing.Size(300,200)
$objForm.StartPosition = "CenterScreen"
$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter")
    {$global:setfirstname=$objTextBox.Text;$objForm.Close()}})
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape")
    {$objForm.Close()}})
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75,120)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$global:setfirstname=$objTextBox.Text;$objForm.Close()})
$objForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150,120)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click(
{$Looping=$False
$objForm.Close()
[environment]::Exit(0)
$objForm.Controls.Add($CancelButton)
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(280,20)
$objLabel.Text = "Please enter the users first name:"
$objForm.Controls.Add($objLabel)
$objTextBox = New-Object System.Windows.Forms.TextBox
$objTextBox.Location = New-Object System.Drawing.Size(10,40)
$objTextBox.Size = New-Object System.Drawing.Size(260,20)
$objForm.Controls.Add($objTextBox)
$objForm.Topmost = $True
$objForm.Add_Shown({$objForm.Activate(); $objTextBox.focus()})
[void] $objForm.ShowDialog()
#If OK then set variable and continue
$givname = ($setfirstname | Out-String)
$givname = ("$setfirstname") + ("")
Write-Host ""
Write-Host "FIRST NAME has been set to" $givname -ForegroundColor Yellow
#Set User Accounts Last Name
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Font = New-Object System.Drawing.Font("Arial",10)
$objForm.Text = "Last Name"
$objForm.Size = New-Object System.Drawing.Size(300,200)
$objForm.StartPosition = "CenterScreen"
$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter")
    {$global:setlastname=$objTextBox.Text;$objForm.Close()}})
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape")
    {$objForm.Close()}})
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75,120)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$global:setlastname=$objTextBox.Text;$objForm.Close()})
$objForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150,120)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click(
{$Looping=$False
$objForm.Close()
[environment]::Exit(0)
$objForm.Controls.Add($CancelButton)
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(280,20)
$objLabel.Text = "Please enter the users last name:"
$objForm.Controls.Add($objLabel)
$objTextBox = New-Object System.Windows.Forms.TextBox
$objTextBox.Location = New-Object System.Drawing.Size(10,40)
$objTextBox.Size = New-Object System.Drawing.Size(260,20)
$objForm.Controls.Add($objTextBox)
$objForm.Topmost = $True
$objForm.Add_Shown({$objForm.Activate(); $objTextBox.focus()})
[void] $objForm.ShowDialog()
#If OK then set variable and continue
$surname = ($setlastname | Out-String)
$surname = ("$setlastname") + ("")
Write-Host ""
Write-Host "LAST NAME has been set to" $surname -ForegroundColor Yellow
#Set the Department Number for the Active Directory Account
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Font = New-Object System.Drawing.Font("Arial",10)
$objForm.Text = "Cost Center"
$objForm.Size = New-Object System.Drawing.Size(300,200)
$objForm.StartPosition = "CenterScreen"
$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter")
    {$global:setcostcode=$objTextBox.Text;$objForm.Close()}})
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape")
    {$objForm.Close()}})
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75,120)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$global:setcostcode=$objTextBox.Text;$objForm.Close()})
$objForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150,120)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click(
{$Looping=$False
$objForm.Close()
[environment]::Exit(0)
$objForm.Controls.Add($CancelButton)
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(280,20)
$objLabel.Text = "Please enter the cost center for the account:"
$objForm.Controls.Add($objLabel)
$objTextBox = New-Object System.Windows.Forms.TextBox
$objTextBox.Location = New-Object System.Drawing.Size(10,40)
$objTextBox.Size = New-Object System.Drawing.Size(260,20)
$objForm.Controls.Add($objTextBox)
$objForm.Topmost = $True
$objForm.Add_Shown({$objForm.Activate(); $objTextBox.focus()})
[void] $objForm.ShowDialog()
#If OK then set variable and continue
$costcode = ($setcostcode | Out-String)
$costcode = ("$setcostcode") + ("")
Write-Host ""
Write-Host "COSTCODE has been set to" $costcode -ForegroundColor Yellow
#This creates a checkbox called Employee
$objTypeCheckbox = New-Object System.Windows.Forms.Checkbox
$objTypeCheckbox.Location = New-Object System.Drawing.Size(10,220)
$objTypeCheckbox.Size = New-Object System.Drawing.Size(500,20)
$objTypeCheckbox.Text = "Employee"
$objTypeCheckbox.TabIndex = 4
$objForm.Controls.Add($objTypeCheckbox)
#This creates a checkbox called Citrix User
$objCitrixUserCheckbox = New-Object System.Windows.Forms.Checkbox
$objCitrixUserCheckbox.Location = New-Object System.Drawing.Size(10,240)
$objCitrixUserCheckbox.Size = New-Object System.Drawing.Size(500,20)
$objCitrixUserCheckbox.Text = "Citrix User"
$objCitrixUserCheckbox.TabIndex = 5
$objForm.Controls.Add($objCitrixUserCheckbox)
#Set Permanent or Contractor (Expiration Date)
[void][reflection.assembly]::Load("System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089")
[void][reflection.assembly]::Load("System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
[System.Windows.Forms.Application]::EnableVisualStyles()
$form1 = New-Object 'System.Windows.Forms.Form'
$datetimepicker1 = New-Object 'System.Windows.Forms.DateTimePicker'
$radiobuttonPermanent = New-Object 'System.Windows.Forms.RadioButton'
$radiobuttonContractor = New-Object 'System.Windows.Forms.RadioButton'
$buttonOK = New-Object 'System.Windows.Forms.Button'
$InitialFormWindowState = New-Object 'System.Windows.Forms.FormWindowState'
$radiobuttonContractor_CheckedChanged={
    if($radiobuttonContractor.Checked){
        $datetimepicker1.Visible=$true
   }else{
        $datetimepicker1.Visible=$false
$Form_StateCorrection_Load=
   #Correct the initial state of the form to prevent the .Net maximized form issue
   $form1.WindowState = $InitialFormWindowState
$Form_Cleanup_FormClosed=
   #Remove all event handlers from the controls
   try
       $radiobuttonContractor.remove_CheckedChanged($radiobuttonContractor_CheckedChanged)
       $form1.remove_Load($FormEvent_Load)
       $form1.remove_Load($Form_StateCorrection_Load)
       $form1.remove_FormClosed($Form_Cleanup_FormClosed)
   catch [Exception]
$form1.Controls.Add($datetimepicker1)
$form1.Controls.Add($radiobuttonPermanent)
$form1.Controls.Add($radiobuttonContractor)
$form1.Controls.Add($buttonOK)
$form1.AcceptButton = $buttonOK
$form1.ClientSize = '508, 262'
$form1.FormBorderStyle = 'FixedDialog'
$form1.MaximizeBox = $False
$form1.MinimizeBox = $False
$form1.Name = "form1"
$form1.StartPosition = 'CenterScreen'
$form1.Text = "Form"
$form1.add_Load($FormEvent_Load)
# datetimepicker1
$datetimepicker1.Location = '160, 91'
$datetimepicker1.Name = "datetimepicker1"
$datetimepicker1.Size = '200, 20'
$datetimepicker1.TabIndex = 3
$datetimepicker1.Visible = $False
# radiobuttonPermanent
$radiobuttonPermanent.Location = '33, 57'
$radiobuttonPermanent.Name = "radiobuttonPermanent"
$radiobuttonPermanent.Size = '104, 24'
$radiobuttonPermanent.TabIndex = 2
$radiobuttonPermanent.TabStop = $True
$radiobuttonPermanent.Text = "Permanent"
$radiobuttonPermanent.UseVisualStyleBackColor = $True
# radiobuttonContractor
$radiobuttonContractor.Location = '33, 87'
$radiobuttonContractor.Name = "radiobuttonContractor"
$radiobuttonContractor.Size = '104, 24'
$radiobuttonContractor.TabIndex = 1
$radiobuttonContractor.TabStop = $True
$radiobuttonContractor.Text = "Contractor"
$radiobuttonContractor.UseVisualStyleBackColor = $True
$radiobuttonContractor.add_CheckedChanged($radiobuttonContractor_CheckedChanged)
# buttonOK
$buttonOK.Anchor = 'Bottom, Right'
$buttonOK.DialogResult = 'OK'
$buttonOK.Location = '421, 227'
$buttonOK.Name = "buttonOK"
$buttonOK.Size = '75, 23'
$buttonOK.TabIndex = 0
$buttonOK.Text = "OK"
$buttonOK.UseVisualStyleBackColor = $True
#endregion Generated Form Code
#Save the initial state of the form
$InitialFormWindowState = $form1.WindowState
#Init the OnLoad event to correct the initial state of the form
$form1.add_Load($Form_StateCorrection_Load)
#Clean up the control events
$form1.add_FormClosed($Form_Cleanup_FormClosed)
#Show the Form
$form1.ShowDialog()
#Set the password for the new user account
#Change P@$$w0rd to whatever you want the account password to be
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Font = New-Object System.Drawing.Font("Arial",10)
$objForm.Text = "Password"
$objForm.Size = New-Object System.Drawing.Size(300,200)
$objForm.StartPosition = "CenterScreen"
$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter")
    {$global:setpassword=$objTextBox.Text;$objForm.Close()}})
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape")
    {$objForm.Close()}})
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75,120)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$global:setpassword=$objTextBox.Text;$objForm.Close()})
$objForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150,120)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click(
{$Looping=$False
$objForm.Close()
[environment]::Exit(0)
$objForm.Controls.Add($CancelButton)
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(280,40)
$objLabel.Text = "Please enter the password you wish to set. Press Enter for P@SSw0rd:"
$objForm.Controls.Add($objLabel)
$objTextBox = New-Object System.Windows.Forms.TextBox
$objTextBox.Location = New-Object System.Drawing.Size(10,60)
$objTextBox.Size = New-Object System.Drawing.Size(260,20)
$objForm.Controls.Add($objTextBox)
$objForm.Topmost = $True
$objForm.Add_Shown({$objForm.Activate(); $objTextBox.focus()})
[void] $objForm.ShowDialog()
#If OK then set password and continue
$userpassword = ($setpassword | Out-String)
$userpassword = ("$setpassword") + ("")
if ($userpassword -eq "") {$userpassword = 'P@SSw0rd'}
$password = (ConvertTo-SecureString $userpassword -AsPlainText -Force)
#Set Variables for New-ADUser cmdlet
$dplname = "$surname, $givname"
$upname = "$givname.$surname" + "@" + "$domdns"
$email = "$givname" + "." + "$surname" + "@eta.state.tx.us"
$office = "WBT"
$description = "$costcode"
$description2 = "611IS - Permanent"
$description3 = "611PM - Permanent"
$description4 = "501 - Permanent"
##$loginscript = "yourloginscriptname"
$servername = "teafs2"
$homedir = "\\$($servername)\User\$($samname)"
$homedirpath = "\\$($servername)\User\$($samname)"
$Company= "ETA"
$department = "yourdepartment"
$department4 = "School Finance"
$departmentnumber = "" + "-" + "$costcode"
Write-Host ""
Write-Host "HOME SERVER is" $servername -ForegroundColor Yellow
Write-Host ""
Write-Host "HOME DIRECTORY has been set to" $homedir -ForegroundColor Yellow
Write-Host ""
Write-Host "DEPARTMENT has been set to" $department -ForegroundColor Yellow
Write-Host ""
Write-Host "DESCRIPTION has been set to" $departmentnumber -ForegroundColor Yellow
Write-Host ""
#Create Active Directory Account
New-ADUser -Name $dplname -SamAccountName $samname -DisplayName $dplname `
-givenname $givname -surname $surname -userprincipalname $upname -emailaddress $email `
-Path $targetou -Enabled $true -ChangePasswordAtLogon $true -Department $department `
-OtherAttributes @{'departmentNumber'="$departmentnumber"} -Company $Company -HomeDrive "H" -HomeDirectory $homedir `
-Description $description -Office $office -ScriptPath $loginscript -AccountPassword $password `
#Add User to Active Directory Groups Based on Description Field
If ((Get-ADUser $samname -Properties description).description -eq $description2) {
Add-ADGroupMember -Identity "CN=InformationSystemsPrintGroup,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=InformationSystemsOUDataGroup,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=InformationSystemsNetworkAccess,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=Mail users,OU=Groups,DC=tea,DC=state,DC=tx" -Member $samname
If ((Get-ADUser $samname -Properties description).description -eq $description3) {
Add-ADGroupMember -Identity "CN=ProjectMgmtNetworkAccess,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=ProjectMgmtOUDataGroup,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=ProjectMgmtPrintGroup,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=Cognos ETASE Dev-Test-Prod,OU=Groups,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=PMO ALL,OU=Distribution Groups,OU=Mailbox accounts,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=PMO Permanent,OU=Distribution Groups,OU=Mailbox accounts,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=Mail users,OU=Groups,DC=tea,DC=state,DC=tx" -Member $samname
If ((Get-ADUser $samname -Properties description).description -eq $description4) {
Add-ADGroupMember -Identity "CN=SchoolFinancePrintGroup,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=SchoolFinanceOUDataGroup,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=SchoolFinanceNetworkAccess,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=Mail users,OU=Groups,DC=tea,DC=state,DC=tx" -Member $samname
#Does the user require a mailbox?
$mailbox = New-Object -ComObject wscript.shell
$intAnswer = $mailbox.popup("Does this user require a mailbox?", `
0,"Create Mailbox",32+4)
If ($intAnswer -eq 6) {
    Add-ADGroupMember -Identity "YourADGroupName5" -Member $samname
    $mailbox.popup("User added to EMail Provisioning Group", `
    0,"Created",64+0)
} else {
    $mailbox.popup("User has not been added to the EMail Provisioning Group", `
    0,"Not Created",64+0)
#Does the user require a LYNC Account?
$lyncaccount = New-Object -ComObject wscript.shell
$intAnswer = $lyncaccount.popup("Does this user require a LYNC Account?", `
0,"Create LYNC Account",32+4)
If ($intAnswer -eq 6) {
    Add-ADGroupMember -Identity "YourADGroupName6" -Member $samname
    $lyncaccount.popup("User added to LYNC Provisioning Group", `
    0,"Created",64+0)
} else {
    $lyncaccount.popup("User has not been added to the LYNC Provisioning Group", `
    0,"Not Created",64+0)
#Create Home Directory and Set Permissions on Home Directory
New-Item -path $homedirpath -type directory
$acl = Get-ACL -path $homedirpath
$permission = "yourdomainname\$($samname)","Modify","ContainerInherit,ObjectInherit","None","Allow"
$accessrule = new-object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessrule)
$acl | Set-ACL -path $homedirpath
##Set Share Permissions on Home Directory
$Computer = $servername
$Class = "Win32_Share"
$Method = "Create"
$name = $sharename
$path = $sharedirpath
$description = ""
$sd = ([WMIClass] "\\$Computer\root\cimv2:Win32_SecurityDescriptor").CreateInstance()
$ACE = ([WMIClass] "\\$Computer\root\cimv2:Win32_ACE").CreateInstance()
$Trustee = ([WMIClass] "\\$Computer\root\cimv2:Win32_Trustee").CreateInstance()
$Trustee.Name = "EVERYONE"
$Trustee.Domain = $Null
$Trustee.SID = @(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
$ace.AccessMask = 2032127
$ace.AceFlags = 3
$ace.AceType = 0
$ACE.Trustee = $Trustee
$sd.DACL += $ACE.psObject.baseobject
$mc = [WmiClass]"\\$Computer\ROOT\CIMV2:$Class"
$InParams = $mc.psbase.GetMethodParameters($Method)
$InParams.Access = $sd
$InParams.Description = $description
$InParams.MaximumAllowed = $Null
$InParams.Name = $name
$InParams.Password = $Null
$InParams.Path = $path
$InParams.Type = [uint32]0
$R = $mc.PSBase.InvokeMethod($Method, $InParams, $Null)
switch ($($R.ReturnValue))
0 {Write-Host "Share:$name Path:$path Result:Success"; break}
2 {Write-Host "Share:$name Path:$path Result:Access Denied" -foregroundcolor red -backgroundcolor yellow;break}
8 {Write-Host "Share:$name Path:$path Result:Unknown Failure" -foregroundcolor red -backgroundcolor yellow;break}
9 {Write-Host "Share:$name Path:$path Result:Invalid Name" -foregroundcolor red -backgroundcolor yellow;break}
10 {Write-Host "Share:$name Path:$path Result:Invalid Level" -foregroundcolor red -backgroundcolor yellow;break}
21 {Write-Host "Share:$name Path:$path Result:Invalid Parameter" -foregroundcolor red -backgroundcolor yellow;break}
22 {Write-Host "Share:$name Path:$path Result:Duplicate Share" -foregroundcolor red -backgroundcolor yellow;break}
23 {Write-Host "Share:$name Path:$path Result:Reedirected Path" -foregroundcolor red -backgroundcolor yellow;break}
24 {Write-Host "Share:$name Path:$path Result:Unknown Device or Directory" -foregroundcolor red -backgroundcolor yellow;break}
25 {Write-Host "Share:$name Path:$path Result:Network Name Not Found" -foregroundcolor red -backgroundcolor yellow;break}
default {Write-Host "Share:$name Path:$path Result:*** Unknown Error ***" -foregroundcolor red -backgroundcolor yellow;break}

Would you be able to show me how it's done?
Here's an example:
$date = Read-Host 'Enter a date (e.g. 4/23/14)'
Write-Host "Original string: $date"
$dateTime = [datetime]$date
Write-Host "DateTime object: $dateTime"
Don't retire TechNet! -
(Don't give up yet - 12,830+ strong and growing)

In terms of account lock outs due to security reasons, when is time to delete the account and create a new one?

In terms of account lock outs due to security reasons, when is time to delete the account and create a new one?

iCloud accounts and Apple IDs can't be deleted.
(79882)

Snow leopard Active directory account taking a long time to verify password

Hi,
My mac is configured to use an active directory account (windows small biz server 2008), i configured a mobile account when i was still under leopard and it was working fine. Since i upgraded to snow leopard i started experience the following issues:
When i am out of the office (not connected on the domain), logging in to my mac take about 5min after i type the password, same thing when the mac awakes from sleep, i type my password and it says verifying password and this takes about 5 minutes to complete! Another issue i am experiencing is that whenever i put my mac to sleep, when it wakes up most of the running applications crash and i have to restart them. i was hoping 10.6.2 would fix that but it didn't.
Sorry for the long post. Thank you in advance for your support!

I guess we will have to wait for someone to give us a clue, or for apple to release 10.6.3 .

ITMS account locked out

I appear to be locked out of my account and the iPod touch is directing me to the US store even though I'm in the UK. The other night I was browsing the US store on my Mac but changed back to UK when I finished. It seems the preference must have changed. Any idea why I can't get back in on the Touch? It is telling me I need to configure my account but is correctly set on the Mac and there are no options on the iPod

De-authorise and re-authorise your iTunes account, on the PC/MAC version of iTunes. Then make sure you are signed in on the right store, before attemting to re-access the Wifi Music Store.
I've had this happen to me once. It's not fatal, don't worry ...

ICloud/iTunes Account Locking out Active Directory Account [?]

Similar Messages

Maybe you are looking for