Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide

Configuring and Synchronizing Account Lockout and Unlockout

With this setting, you can synchronize account lockout and unlockout between Directory Server and Active Directory.

Note –

Account lockout and unlockout synchronization is not supported on Windows NT directory servers.

Synchronize Account Lockout and Unlockout

Select the Enable Account Lockout Synchronization between Directory Server & Active Directory box.

Figure 6–48 Enable Account Lockout Synchronization

Use these settings to enable and disable the account lockout synchronization.

Note –

For account lockout and unlockout to work correctly, it is recommended that you set a symmetric password policy at both ends. For example, if the password policy at Active Directory specifies a permanent lockout, then the same password policy should be set at Directory Server.
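
As an added illustration of the note above (not part of the original guide or of Identity Synchronization for Windows), the following Python example compares lockout settings taken from both directories and reports any that are not symmetric. It assumes the Active Directory domain attributes lockoutThreshold, lockoutDuration and lockOutObservationWindow and the Directory Server password policy attributes pwdLockout, pwdMaxFailure, pwdLockoutDuration and pwdFailureCountInterval have already been read; the sample values are constructed, and treating 0 or the minimum 64-bit value as a permanent Active Directory lockout is an assumption.

```python
# Added example: compare lockout policy snapshots from both directories.
# Attribute values below are constructed sample data, not read from a server.

AD_TICKS_PER_SECOND = 10_000_000      # AD stores durations in 100 ns units
AD_FOREVER = -(2 ** 63)               # assumption: treated as "never unlocks"


def ad_interval_to_seconds(raw):
    """Convert an AD negative 100 ns interval to seconds; 0 = no expiry."""
    raw = int(raw)
    if raw == 0 or raw == AD_FOREVER:
        return 0
    return abs(raw) // AD_TICKS_PER_SECOND


def normalize_ad(policy):
    """Reduce AD domain policy attributes to a common set of settings."""
    return {
        "max_failures": int(policy["lockoutThreshold"]),
        "lockout_seconds": ad_interval_to_seconds(policy["lockoutDuration"]),
        "window_seconds": ad_interval_to_seconds(policy["lockOutObservationWindow"]),
    }


def normalize_ds(policy):
    """Reduce Directory Server password policy attributes to the same shape."""
    enabled = str(policy.get("pwdLockout", "FALSE")).upper() == "TRUE"
    return {
        "max_failures": int(policy.get("pwdMaxFailure", 0)) if enabled else 0,
        "lockout_seconds": int(policy.get("pwdLockoutDuration", 0)),
        "window_seconds": int(policy.get("pwdFailureCountInterval", 0)),
    }


def policy_mismatches(ad_policy, ds_policy):
    """Return {setting: (ad_value, ds_value)} for each setting that differs."""
    ad, ds = normalize_ad(ad_policy), normalize_ds(ds_policy)
    return {k: (ad[k], ds[k]) for k in ad if ad[k] != ds[k]}


# Constructed sample: AD locks permanently, Directory Server for 30 minutes.
SAMPLE_AD = {"lockoutThreshold": "5", "lockoutDuration": str(AD_FOREVER),
             "lockOutObservationWindow": "-18000000000"}
SAMPLE_DS = {"pwdLockout": "TRUE", "pwdMaxFailure": "5",
             "pwdLockoutDuration": "1800", "pwdFailureCountInterval": "1800"}

if __name__ == "__main__":
    for setting, (ad_val, ds_val) in policy_mismatches(SAMPLE_AD, SAMPLE_DS).items():
        print(f"{setting}: Active Directory={ad_val} Directory Server={ds_val}")
```

With the sample data, only the lockout duration is reported: an account locked permanently in Active Directory would unlock after 30 minutes in Directory Server.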

Configure Identity Synchronization for Windows to Detect and Synchronize Account Lockout and Unlockout

You do not need to map any attributes manually to synchronize account lockout and unlockout. When you press Save, Identity Synchronization for Windows maps the attributes automatically.

Figure 6–49 Attributes mapping for Account Lockout Synchronization

Select the attributes that you want to synchronize and click Save.

Note –
  1. Do not modify the mapping between pwdaccountlockedtime and lockouttime.

  2. To disable the account lockout and unlockout synchronization, deselect the Enable Account Lockout Synchronization check box.

  3. Alternatively, you can enable or disable the account lockout and unlockout synchronization from the command line using idsync accountlockout. For more information, see Appendix A, Using the Identity Synchronization for Windows Command Line Utilities.