I was running into an issue in the last 2 scenarios.
•Failure Count Timeout
•Auto Reset Failure Count
When the user is locked due to failure timeout, they get successfully added to the "cn=Disabled-FailureCount"
but the check box in APSHelpdeskAdmin "Disabled due to Failure Count" is not marked for the locked user.
Hence there is no way but to manually open delete users information from the respective CN.
In another use case while trying to lock an active user from APSHelpDesk Admin by check box of "Disabled due to Failure Count",
a pop up error is displayed "user update failed". i might be missing some configuration on the back-end,
or there might be a bug.