Enable Account Lockout Synchronization between Directory Server and Active Directory.
To enable account lockout synchronization, you need to map the attributes pwdaccountlockedtime (Directory Server) and lockoutTime (Active Directory). pwdaccountlockedtime can be selected in the console after you load the schema with the passwordObject object class.
You can enable or disable account lockout synchronization using the command-line tool idsync accountlockout. For more information, see Appendix A, Using the Identity Synchronization for Windows Command Line Utilities.
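The two mapped attributes store the lockout time in different formats, so checking that a lockout actually propagated means normalizing both first. The following added example (not part of the product documentation) compares values already read from each directory. The function names, the five-minute tolerance and the sample entries are assumptions, and a nonzero lockoutTime is treated as locked without evaluating the Active Directory lockout duration.

```python
from datetime import datetime, timedelta, timezone

AD_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
PERMANENT_LOCK = "000001010000Z"  # password-policy value: locked until an admin unlocks


def ad_lockout_time(value):
    """lockoutTime: 100-ns intervals since 1601-01-01 UTC; 0 or absent = not locked."""
    ticks = int(value or 0)
    return AD_EPOCH + timedelta(microseconds=ticks // 10) if ticks else None


def ds_locked_time(value):
    """pwdaccountlockedtime: GeneralizedTime in UTC ("Z" form); absent = not locked."""
    if not value or value == PERMANENT_LOCK:
        return None
    stamp = value[:-1].split(".")[0]  # strip "Z" and any fractional seconds
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


# The default tolerance is an assumed value; tune it to your synchronization delay.
def lockout_in_sync(ds_value, ad_value, tolerance=timedelta(minutes=5)):
    """True when both sides agree on locked/unlocked and, if locked, on when."""
    ad_time = ad_lockout_time(ad_value)
    if bool(ds_value) != (ad_time is not None):
        return False  # locked in one directory only
    ds_time = ds_locked_time(ds_value)
    if ds_time is None:
        return True  # both unlocked, or a permanent DS lock matched by an AD lock
    return abs(ds_time - ad_time) <= tolerance


def out_of_sync(entries):
    """Return the uids whose lockout state differs between the two directories."""
    return [uid for uid, ds, ad in entries if not lockout_in_sync(ds, ad)]


# Constructed sample data: (uid, pwdaccountlockedtime, lockoutTime)
SAMPLE = [
    ("alice", None, "0"),
    ("bob", "20240115103000Z", "133497882000000000"),
    ("carol", "20240115103000Z", "0"),
    ("dave", None, "133497882000000000"),
    ("erin", "000001010000Z", "133497882000000000"),
]

if __name__ == "__main__":
    for uid in out_of_sync(SAMPLE):
        print(f"lockout mismatch: {uid}")
```

Accounts reported here are locked in one directory but still usable in the other, which is the condition lockout synchronization is meant to prevent.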