Daft question, for which I apologies, but I just wanted to confirm that, within a Windows 2000 AD environment, the original Domain Admin account can't be locked out due to incorrect login attempts? I have in my head, for some reason, that its not possible to lock out the domain admin account as, if it were to be locked out, there would be a possibility of not being able to administer the domain. I also have in my head that best practice is to rename and manually disable this account, after having created specific admin accounts for each administrator, in order to ensure that brute force attacks cannot be run on the domain admin account.
Can anyone confirm that this is correct? The reason i ask is that for a customer we've taken on support of, the account which we were told was the renamed original domain admin account got locked out last night, and, if my understanding of this is correct, it means it can't be the original domain admin account!
Any information or pointers to where MS have this documented much appreciated, as a trawl through the web hasn't found this information, and now I worry I'm starting to imagine things.
Many thanks,
Chris
Can anyone confirm that this is correct? The reason i ask is that for a customer we've taken on support of, the account which we were told was the renamed original domain admin account got locked out last night, and, if my understanding of this is correct, it means it can't be the original domain admin account!
Any information or pointers to where MS have this documented much appreciated, as a trawl through the web hasn't found this information, and now I worry I'm starting to imagine things.
Many thanks,
Chris
