i was going down the path of trying to sync intruder lockouts between edir
trees,,,,,but seeing as i have some connected systems that just done
recognized that.....i am thinking it may be better just to have policies
which set connected systems to disable when the vault detects a lockout
somehow.

does AD have a concept of some sort of lockout if a user on the AD side
repeatedly tries to login? something i can write a policy against?