We have a corporate domain controller and a local site domain controller. Our Windows 2000 server replicates with the corporate server approximately every half hour. Corporate recently set an account lockout policy after five incorrect logins. The problem we are having here on a local level is that when users reach this five-incorrect-login limit, we will unlock their account, but they will be locked out after one incorrect login every time thereafter.
There is a Microsoft knowledge base issue that seems to describe our problem. Basically, since the policy is set from the corporate DC, the counter can only be fully reset on the corporate DC. When we unlock the users' accounts, the incorrect login attempts number is not replicated on the corporate DC. Microsoft's fix is to make sure the servers are running the latest service packs. Ours is running SP4 and they are claiming they are running the latest service packs.
I'm not sure how to view the incorrect login counter to see if this is indeed our problem, and I'm at a loss as to how to correct this problem. Our corporate isn't experiencing it and they never will, since they have full control over their domain and thus the counter, and they don't seem too concerned since they don't have to deal with it on a daily basis. Does anyone have any suggestions on how to fix our account lockout problem?