You can use the accountlockout subcommand to synchronize account lockout and unlockout between Active Directory and Directory Server.
To enable or disable the account lockout, type idsync accountlockout command.
For example:
idsync accountlockout -{e/d} -D <Directory Manager DN> -w <bind-password> -h <Configuration Directory-hostname> -p <Configuration Directory-port-no> -s <rootsuffix> [-Z] [-P <cert db path>] [-m <secmod db path>] -q <configuration password> -t <max lockout attempts>Table A–10 accountlockout arguments
Argument |
Meaning |
---|---|
-{e/d} |
Select e for enabling , and d for disabling the account lockout synchronization. |
-t |
Specifies the maximum number of lockout attempts that Active Directory Connector performs. |