Yes, that is correct. Each DC will have its own count. On Thu, Jan 7, 2016 at 3:02 PM, Christopher Bodnar < [email protected]> wrote:
> Just trying to get some clarification on this, as we are troubleshooting > some account lockout issues. Just to preface, I have read through al l the > MS documentation on this, including the following: > > > > > http://windowsitpro.com/windows/understanding-windows-account-lockout-security-feature > > https://technet.microsoft.com/en-us/library/cc775412(v=ws.10).aspx > > > > According to all the documentation it staes that the badPwdCount attribute > is NOT replicated. My assumption is that this includes the PDC, that the > PDC does not replicate this out to the other domain controllers in the > forest. Is that correct. So for example if DC2 (not the PDCe) has a > badPwdCount of (3) it will stay at that number until it gets a good > password. The PDCe value won’t replicate it out. Is that correct? > > > > Thanks > > > > Chris > > ------------------------------ > ----------------------------------------- This message, and any > attachments to it, may contain information that is privileged, > confidential, and exempt from disclosure under applicable law. If the > reader of this message is not the intended recipient, you are notified that > any use, dissemination, distribution, copying, or communication of this > message is strictly prohibited. If you have received this message in error, > please notify the sender immediately by return e-mail and delete the > message and any attachments. Thank you. > > -- T. Todd Lemmiksoo
