We were testing out password policy and noticed that attributes like pwdFailureTime that are modified during operation are commented out in the schema so they can't be viewed by the admin. 

Does anybody know the reasoning for this? We are thinking that we will want to be able to see them for debugging problems when we implement a password policy. But I wondered if that can cause problems if we put them in the schema or if their are other ways to get to current values on accounts. 
--
John Baker
Network Administrator
Marlboro College
Phone: 451-7551 Cell: 490-0066