I'm seeing some references to "Softlock" features that were implemented sometime last year for Active Directory integrations with Okta, with the ability to set a password policy for AD integrated users specifically, but I'm not seeing any of that in my admin console.
I'd also like to know if users that are locked out in AD are also locked out in Okta when authentication is delegated to AD. It appears as though the user is only locked out in AD (which makes it so they can't auth to Okta), but I would like administrators to be able to unlock the account from Okta without giving every user in the org that ability.
The softlock capability is a process to lock the Okta account rather than the AD account when maybe a malicious external user tries repeatedly entering an invalid password during Okta login that could lock an end user out of their Windows account and hardware device. So we lock the Okta account out at, say, three failed login attempts, but the AD policy would lock out after 5, for example. So it's a safety feature.
For your second part of the question: if the user gets deactivated via AD, then yes, the Okta account upon next import will deactivate the Okta account.