Account lockout and unlockout synchronization is not supported on Windows NT directory servers.
Enable Account Lockout Synchronization between Directory Server & Active Directory box.
For Account Lockout and Unlockout to work correctly, it is recommended that you set the symmetric password policy at both ends. For example, if the password policy at Active Directory signifies a permanent lockout then the same password policy should be set at Directory Server.
You do not need to do any attribute mapping manually to achieve the account lockout and unlock synchronization. When you press Save, Identity Synchronization for Windows maps the attributes automatically.
Do not modify the mapping between the pwdaccountlockedtimeand lockouttime.
To disable the account lockout and unlockout synchronization, deselect the Enable Account Lockout Synchronization check box.
Alternatively, you can enable or disable the account lockout or unlockout synchronization using command line idsync accountlockout. For more information, see Appendix A, Using the Identity Synchronization for Windows Command Line Utilities.