What are the key considerations to avoid account lockouts when brute-forcing domain user passwords via LDAP?
The default lockout threshold is 5 incorrect attempts, and locked accounts typically require a 30-minute waiting period. You must first obtain the domain password policy, using techniques such as those described in "Penetration Basics - Obtaining Domain User Password Policies", to determine the `lockoutThreshold` value and stay within that limit. Additionally, after brute-forcing, you cannot clear the last incorrect password timestamp because it is owned by the Security Accounts Manager (SAM).
account lockout, lockout threshold, password policy, SAM