I have configured Extranet Smart Lockout on a fully updated WS2016 standalone ADFS server. At first glance it seems to work but using the Get-ADFSAccountActivity cmdlet on my testaccount i can see that the "BadPwdCounter" only counts upwards if
the user logs with a bad password in the format "DOMAIN\username". If the user logs in with a bad password in the UPN format "user@domain.com" it doesn't count upwards. This has the effect that the user does not get soft locked out on the
ADFS server when attempting with UPN. Any ideas what could be wrong here? This is the guide i followed, rights on the artifacts database are ok, confimed by logging into WID with SQL Management Studio.
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection
