hi thwwomp, need some more data:

What is the compexity requirement of your passwords? Sounds like your AD integrator is a lot like me. I had a policy with NO lockout restrictions among other very loose controls since the passwords are complex and there is a greater danger of infiltration through password stealing versus an automated process. But thats another thread and I lost a great battle with government regulators. Even though piles of data and examples proved my point

So what are the complexity requirements? The real issue here is protecting data integrity. And we can build a discussion from there.

//EDIT oh and are there additional access controls outside of active directory? For example, do they have another layer of authentication once the user is logged into the network? That is very important to know.