After much troubleshooting, I've concluded my issue to be something on my network that I need help finding. My network is a Microsoft single domain 2012 environment - something is running/brute-forcing all domain accounts passwords. When my GPO under Computer-Policies-Windows Settings-Security Settings- Account Policies/Password Policy-Acct. Lockout duration is set for 10 minutes and Account lockout threshold is set for 5 invalid login attempts, the phones don't stop ringing for 200 users; everyone gets locked out. If I alter the settings to a Lockout duration set for 2 minutes and Account lockout threshold set for 200 invalid login attempts, the calls/lockouts stop but I still have the issue. I'm verify this using the lockoutstatus.exe 18.104.22.168 provided by the Windows Resource Kit by looking at the last bad password time. They are all within the last 24 hours for all user accounts. Luckily, the domain Administrator account is never effected but all others are.
I have 1 physical Domain Controller. I have virus protection on every node and server. Everything is clean according to my Anti-virus service.
Question - What software program can I purchase that will help pin-point the issue or what other methods are available that can help pin-point the issue?