User not getting unlocked in AD through Okta even though Okta service account is part of Domain Admin group? Skip to main content
https://support.okta.com/help/answers?id=9060z000000jjldqac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Averi DasAveri Das 

User not getting unlocked in AD through Okta even though Okta service account is part of Domain Admin group?

Hi,
I have delegated authentication configured for AD in Okta. AD is the profile master. In AD password policy, I have added a rule for user account unlock and password reset. The flag for Unlock users n Okta and Active Directory is also enabled in the policy. The Okta service account in AD domain is member of the Domain Admin group. But still Okta is unable to unlock user acounts in AD, why?
Thanks,
Averi
Nate QuesadaNate Quesada (Okta, Inc.)
Hi Averi,

We should investigate this more thororughly. Can you open a case with Okta Support so that we can dig in and review the configuration and logs to see what's going on here? 

Thank you,
Nate