Domain accounts getting locked out

All of our domain accounts keep getting locked out numerous times during the day for the past couple of days.  In the event log on a DC, there are constant audit failures, event ID 4662:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          9/23/2011 10:10:14 AM
Event ID:      4662
Task Category: Directory Service Access
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      servername.ourdomain.com
Description:
An operation was performed on an object.

Subject :
      Security ID:            domain\user[
      Account Name:            username
      Account Domain:            ourdomain
      Logon ID:            0xb4d9d80

Object:
      Object Server:            DS
      Object Type:            user
      Object Name:            CN=useraccount\OU=Client Services,OU= Departments,DC=ourdomain,DC=com
      Handle ID:            0x0

Operation:
      Operation Type:            Object Access
      Accesses:            Control Access
                  
      Access Mask:            0x100
      Properties:            ---
            {91e647de-d96f-4b70-9557-d63ff4f3ccd8}
                  {6617e4ac-a2f1-43ab-b60c-11fbd1facf05}
                  {b3f93023-9239-4f7c-b99c-6745d87adbc2}
                  {b8dfa744-31dc-4ef1-ac7c-84baf7ef9da7}
            {771727b1-31b8-4cdf-ae62-4fe39fadf89e}
                  {612cb747-c0e8-4f92-9221-fdd5f15b550d}
      {bf967aba-0de6-11d0-a285-00aa003049e2}


Additional Information:
      Parameter 1:            -
      Parameter 2:            
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>4662</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>14080</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2011-09-23T14:10:14.200Z" />
    <EventRecordID>128232590</EventRecordID>
    <Correlation />
    <Execution ProcessID="820" ThreadID="924" />
    <Channel>Security</Channel>
    <Computer>servername.ourdomain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-21-796845957-1715567821-682003330-1698</Data>
    <Data Name="SubjectUserName">Username</Data>
    <Data Name="SubjectDomainName">ourdomain</Data>
    <Data Name="SubjectLogonId">0xb4d9d80</Data>
    <Data Name="ObjectServer">DS</Data>
    <Data Name="ObjectType">%{bf967aba-0de6-11d0-a285-00aa003049e2}</Data>
    <Data Name="ObjectName">%{474f39a0-a6c3-40f0-a1dd-24604b29e15e}</Data>
    <Data Name="OperationType">Object Access</Data>
    <Data Name="HandleId">0x0</Data>
    <Data Name="AccessList">%%7688
                  </Data>
    <Data Name="AccessMask">0x100</Data>
    <Data Name="Properties">---
            {91e647de-d96f-4b70-9557-d63ff4f3ccd8}
                  {6617e4ac-a2f1-43ab-b60c-11fbd1facf05}
                  {b3f93023-9239-4f7c-b99c-6745d87adbc2}
                  {b8dfa744-31dc-4ef1-ac7c-84baf7ef9da7}
            {771727b1-31b8-4cdf-ae62-4fe39fadf89e}
                  {612cb747-c0e8-4f92-9221-fdd5f15b550d}
      {bf967aba-0de6-11d0-a285-00aa003049e2}
</Data>
    <Data Name="AdditionalInfo">-</Data>
    <Data Name="AdditionalInfo2">
    </Data>
  </EventData>
</Event>

Doesn't really show where it's coming from.  Seems like probably a brute force attack.  Any ideas on how to nail this down?  Thanks.