!!! AD lockoutTime
[{$pagename}] [Microsoft Active Directory] [attribute] specifies the date and time (in UTC) that this account was locked out for [Intruder Detection]

This value is stored as [LargeInteger] [LDAPSyntaxes]

A value of zero means that the account is __NOT__ currently locked out.

[{$pagename}] can only triggered by the system itself.\\
(please don't mix this up with the normal [disable/enable|Administratively Disabled] operation for user accounts. You can search in the directory for locked accounts.)

The only values that may be set on this is to set the value to "0" which will effectively un-lock the account.

{{{
cn: Lockout-Time
ldapDisplayName: lockoutTime
attributeId: 1.2.840.113556.1.4.662
attributeSyntax: 2.5.5.16
omSyntax: 65
isSingleValued: TRUE
schemaIdGuid: 28630ebf-41d5-11d1-a9c1-0000f80367c1
systemOnly: FALSE
searchFlags: 0
systemFlags: FLAG_SCHEMA_BASE_OBJECT
}}}

! Warning
[{$pagename}] attribute is __only reset__ following a successful [authentication]. 
This implies that the lockoutTime attribute may be non-zero yet the account is __not__ locked out. 
The only accurately method to determine if the account is locked out, is to add the [Lockout-Duration] to the [lockouttime]  and compare the result to the current time. Be careful as depending on how you are reading the values you may need account for local time zones and daylight savings time.

!!Version-Specific Behavior: 
* Implemented on Active Directory® Application Mode (ADAM) 
* Windows Server® 2008 operating system
* Active Directory® Lightweight Directory Services (AD LDS)for Windows® Vista
* Windows Server® 2008 R2 operating system
* Active Directory® Lightweight Directory Services (AD LDS) for Windows® 7

![Active Directory Account Lockout]
Describes details on [Active Directory Account Lockout].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]