How does Directory and Resource Administrator gather incorrect password attempts?
Directory and Resource Administrator 6.x
Directory and Resource Administrator 7.x
The 'Incorrect password attempts' field on the 'Statistics' tab when viewing user account properties, is gathered from each domain controller. The Operating Systems stores this information on the domain controller authenticating the user. The 'NetIQ DRA Agent' service running on each domain controller gathers the 'bad password 'count from all domain controller when the last logon statistics are gathered. The 'bad password' count is cleared when a user successfully logs on with their user account.
The Last bad password date is maintained even after a successful login.