I can't seem to find out why my Account keeps getting locked. I know it's because failed password attempts. I used the LockoutStatus tool and in the ORIG field it says DC1 which is my PDC. I checked all the services and don't see any that are using this account. This is a brand new domain built within just the past few weeks, not sure how long this has been going on but it became an issue in the last couple days.
I looked in the event log but I don't really see anything.
How can I find out what is causing this?
--- all servers are 2008r2 with all updates