If I have two domain controllers (DCs) in my environment and two different computers are used to log in to the separate domain controllers, can the password attempts be exceeded?
Additionally, does the reset mechanism work in the same way?
Example for clarity:
My Password Lockout Limit is set to five attempts.
- Computer 1 attempts to log in to DC1 – unsuccessfully
- Computer 1 attempts to log in to DC1 – unsuccessfully
- Computer 1 attempts to log in to DC1 – unsuccessfully
And
- Computer 2 attempts to log in to DC2 – unsuccessfully
- Computer 2 attempts to log in to DC2 – unsuccessfully
- Computer 2 attempts to log in to DC2 – unsuccessfully
Is this account now locked?
Note: Computer 2 was added for clarity. The same situation could occur in times of network distress with one computer.
Best Answer
Yes, the account will be locked out.
As documented in the Advanced Replication Management documentation:
So to summarize, as bad password attempts are prioritized and every bad password attempt is also retried at the PDC emulator, your account will be locked out by any properly replicating domain controller.
There are however a few exceptions that might allow you more than your allotted amount of logins:
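
The counting behaviour the answer summarizes, replayed on the question's scenario as an added example that is not part of the original answer: a simplified Python model in which each DC keeps its own bad-password count and retries every failure at the PDC emulator. The `Domain` class, the DC names, instant replication of the lockout and the 1800-second reset window are assumptions of this model.

```python
# Added illustration: simplified model of per-DC bad-password counting with
# PDC-emulator forwarding. Class and names are hypothetical, not a real API.

class Domain:
    def __init__(self, dc_names, pdc, threshold, reset_after_s):
        self.pdc = pdc                          # name of the PDC emulator
        self.threshold = threshold              # lockout threshold
        self.reset_after_s = reset_after_s      # assumed "reset counter after" window
        self.bad_count = {n: 0 for n in dc_names}   # kept per DC in this model
        self.last_bad = {n: None for n in dc_names}
        self.locked = False                     # assumed to replicate at once

    def _count_failure(self, dc, now):
        # A DC restarts its own counter once the reset window has elapsed.
        last = self.last_bad[dc]
        if last is not None and now - last >= self.reset_after_s:
            self.bad_count[dc] = 0
        self.bad_count[dc] += 1
        self.last_bad[dc] = now
        if self.bad_count[dc] >= self.threshold:
            self.locked = True

    def bad_logon(self, dc, now):
        """Record one wrong-password attempt against `dc` at time `now` (s)."""
        if self.locked:
            return "locked"
        self._count_failure(dc, now)
        if dc != self.pdc:
            # The failed attempt is retried at the PDC emulator, which
            # therefore sees every failure in the domain.
            self._count_failure(self.pdc, now)
        return "locked" if self.locked else "bad password"


def question_scenario():
    # Constructed input: threshold 5, PDC emulator separate from DC1 and DC2.
    d = Domain(["PDC", "DC1", "DC2"], pdc="PDC", threshold=5, reset_after_s=1800)
    results = [d.bad_logon("DC1", t) for t in (0, 10, 20)]      # Computer 1
    results += [d.bad_logon("DC2", t) for t in (30, 40, 50)]    # Computer 2
    return results, d.bad_count


if __name__ == "__main__":
    print(question_scenario())
```

In this model the lockout happens on Computer 2's second attempt, the fifth failure overall, even though neither DC1 nor DC2 has counted five failures itself.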