For some reason I can't seem to locate the exact service or application that keeps locking out a specific account.
Randomly one of our user accounts keeps getting locked out. I have been able to isolate it to being a login directly to one of our domain controllers and the SVCHOST service.
I have used the MS Account Lockout Tools to find the DC and the NetLogon logs to locate the PID of the service; but still can't fix this issue as of yet. I was able to do this with W2k3 & W2k8; not sure why W2k12 is not giving me the same results.