Hello, Can someone explain the expected operation of the pwdFailureCountInterval attribute please? The documentation seems to be fairly clear, but if I add it to the password policy, along with some other attributes, the account remains locked, even after the pwdFailureCountInterval time. Despite authenticating with a valid password, the pwdFailureTime entries remain and the account remains locked. These are the attributes in use: pwdLockout: TRUE pwdMaxFailure: 5 pwdFailureCountInterval: 1200 Thanks. Tom