After dealing with users (local accounts, not AD bound) accounts being locked for far too long, I have finally found what is causing the failedLoginCount to increment. It's iCloud!
When signing into iCloud or changing a preference/setting/config in iCloud and you are prompted for your iCloud password, you enter it, this increments the failedLoginCount (even if your iCloud password was correct).
If, like us, you have a Passcode payload deployed to your computers that has a "Maximum number of failed attempts" specified then the account will lock once the failedLoginCount increments past the number. In our case, 5.
This is the command to check a users failedLoginCount, it can be run remotely.
/usr/bin/dscl . -readpl /Users/<accountName> accountPolicyData failedLoginCountThis was taken immediately after entering the iCloud password.
