I have a situation, or perhaps my understanding of BadPwdCount is wrong... I understand that BadPwdCount is not replicated, however the PDCe role holder acts a kind of a high watermark for this attribute, is that correct?
My situation is that BadPwdCount on the PDCe is not resetting back to 0 after a successful logon.
Here's my test:
Three DC's (DC1pdce, DC2, and DC3) and one Win7 workstation. I use LDP.EXE and simple bind to target DC2 to do a failed logon three times for a test user WST93. Then using Lockoutstatus I can see the BadPwd count on DC2 and DC1pdce is 3. I then do an interactive logon from Win7. dir ENV:logonserver shows DC3. LockoutStatus shows BadPwdCount:
DC1pdce - 3
DC2 - 3
DC3 - 0
Shouldn't DC1, the PDCe get reset to 0 as well?
Geoff