So this is the most "recent" thread I could find:

But that's like 4 years old, so I'm not sure if any of it still holds true.

Our AD is 2003 level (can't quite upgrade to 2008 level just yet).

The goal:
If eDir account gets locked, it locks the AD account
If you use iManager in eDir to unlock the account, it unlocks the AD account as well.

I'm assuming it's still advised to keep the eDir/AD intruder lockout settings as similar as possible (ie: X attempts within X minutes locks it for X period of time)?