The default domain policy has three account lockout policy settings.
- Account lockout threshold
- Sets the number of time a password can be entered in wrong before the account will be locked out.
- Account lockout duration
- Sets how long the account will be locked out for, before automatically unlocks
- Reset lockout counter
- The time before the failed account logon counter is reset.
Powershell can also be used to set these values, with Set-ADDefaultDomainPasswordPolicy
Get-ADDefaultDomainPasswordPolicy | Set-ADDefaultDomainPasswordPolicy -LockoutThreshold 10