Just trying to get some clarification on this, as we are troubleshooting some account lockout issues. Just to preface, I have read through all the MS documentation on this, including the following:

http://windowsitpro.com/windows/understanding-windows-account-lockout-security-feature
https://technet.microsoft.com/en-us/library/cc775412(v=ws.10).aspx

According to all the documentation, it states that the badPwdCount attribute is NOT replicated. My assumption is that this includes the PDC, that the PDC does not replicate this out to the other domain controllers in the forest. Is that correct?

So for example, if DC2 (not the PDCe) has a badPwdCount of (3), it will stay at that number until it gets a good password. The PDCe value won't replicate it out. Is that correct?

Thanks
Chris
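When troubleshooting the lockouts described above, the per-DC values can be read directly from each domain controller and compared against the PDCe. The following is an added example, not part of the original message; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the function name and the account name `jdoe` are placeholders.

```powershell
# Added example: read the lockout-related attributes for one account from
# every domain controller in the current domain, so that differences between
# DC2-style "ordinary" DCs and the PDCe are visible side by side.
Import-Module ActiveDirectory

function Get-BadPwdCountPerDC {
    param(
        [Parameter(Mandatory)][string]$SamAccountName   # placeholder input
    )

    # FQDN of the PDC emulator role holder, used to flag that row in the output.
    $pdc = (Get-ADDomain).PDCEmulator

    foreach ($dc in Get-ADDomainController -Filter *) {
        $row = [ordered]@{
            DomainController = $dc.HostName
            IsPDCe           = ($dc.HostName -eq $pdc)
            BadPwdCount      = $null
            LastBadPassword  = $null
            LockoutTime      = $null
            Error            = $null
        }
        try {
            # -Server forces the query to this specific DC instead of any DC.
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                -Properties badPwdCount, badPasswordTime, lockoutTime -ErrorAction Stop

            $row.BadPwdCount = $u.badPwdCount
            # Both time attributes are stored as FILETIME integers; 0 or empty means "not set".
            if ($u.badPasswordTime) { $row.LastBadPassword = [datetime]::FromFileTimeUtc($u.badPasswordTime) }
            if ($u.lockoutTime)     { $row.LockoutTime     = [datetime]::FromFileTimeUtc($u.lockoutTime) }
        }
        catch {
            # An unreachable DC should not abort the sweep; record why it was skipped.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

# 'jdoe' is a placeholder account name.
Get-BadPwdCountPerDC -SamAccountName 'jdoe' |
    Sort-Object -Property IsPDCe, DomainController -Descending |
    Format-Table -AutoSize
```

Running it again after a test logon against a known DC shows which counters moved and which did not.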
