I'm banging my head against a wall with this one. I have a user account, that is getting locked out at random. I have no idea what else to try. We've verified his password, and its correct. User ID is correct. He is not using his login to run services anywhere. We have checked every server to see if he has an RDP session stuck somewhere, and everything is cleared. He is not logged into anyone else's machines that we know of. He uses a tablet for email as well, but the tablet has the correct login info, as does his phone. We've cleared his desktop of all cached and stored credentials.
We've ran scripts against the entire network to verify his user ID doesn't show up anywhere as active, yet, the account still continues to throw bad passwords at random DC's. Every minute to 10 minutes, we see another bad hit against a DC, sometimes multiple DC's. What else can we check that we haven't already done?