I'm creating a new fine grain password policy and have the following question.
I need to have my user accounts set to never unlock automatically so I'm setting the
msDS-LockoutDuration value to: 00:00:00:00 / If I set the msDS-LockOutDuration Windows to 00:00:00:00 does this means that a user failed login attempts would be logged over the course of months?
Isn't is recommend to set both the lockout duration and window to the same vaule so in my case, both should be zero?
Also is there graphical native reports that I can run to show all policies both GP applied and PSO that a user is processing?