(Solved) WIndows 2008 AD domain administrator locked out
I can't remember when this problem started to happen but I don't remember it ever happened before we switched 2003 servers with 2008 servers.
The built-in domain administrator account gets locked out with 5 incorrect password tries. The problem still persists even after I set the account lockout threshold to 0 (the account will not locked out) in both "Default domain policy" and "Default domain controller policy" and issued the command "gpupdate /force" on both domain controllers.
There is only one GPO linked to the built-in "Domain Controllers" OU which is "Default domain controller policy" and I've set "block inheritance" on the OU in GPO editor.
I don't know if there is any lockout settings applies to user account (ex. administrator account) or if I have to reboot the domain controller computers to make it work. Any suggestions are appreciated.