Since upgrading to ZCM 10.3 (could have been happening before, but I don't think so) we've been having a recurring problem with user's AD accounts locking. We finally nailed down the sequence.

Our environment...

Novell Client 4.91 SP5 on the desktop
Active Directory (AD is the password authority)

1. User enters password into the Novell client but accidentally enters an upper case letter as lower (or vice versa)

2. eDirectory accepts the password because it's not case sensitive and passes it on to the Zenworks agent

3. Zenworks agent is unable to login because the password is incorrect

4. Look at users account in AD and instead of having 1 Bad password attempt they have 8!!!!

We allow 10 bad password attempts before locking an account. Why/what is trying the bad password 8 times before realizing that it's bad? Where is the setting that prevents this from happening?