Account locking source

http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Check this link and the tools provided will help you find out where the lockout comes from.

I already use the lockout status tool, which is great for unlocking the account, and it tells me from which DC the account was originally locked from, but I don't see anywhere where it tells me which computer the lockout came from.  I also added the dll for the extra information on the AD info screen, and while it is nice, it doesn't tell me what I want to know either.

It could be that you have a service or scheduled task set to use the old password (which is why MS recommend NEVER using a user account for these) - Check these and the event logs

Pretty sure I don't - I know what you are talking about, but we don't use user accounts for services or tasks.

- stored credentials for a shared drive or printer ?

Tried to filter event log for failed authentication ?

You can also enable a more extensive logging :
http://technet.microsoft.com/en-us/library/cc773155%28WS.10%29.aspx

or use LockoutStatus.exe and set NetLogon logging on the account.

a few ideas on service accounts you might have not thought you are using with your domain admin account.

Backup service account
Imaging Service account
SQL service account
LAN/WAN Monitoring service account
Task Schedule accounts
Shared Drive / Printer account
Asset Managment Software service account