I had a problem when an Active Directory user account got locked out all the time.
I found out that when I unlocked the user account the bad password attempts started again and after 20 retries the account got locked out. I guessed that there must be a script or task some where on the network that used the user account and after a password change this caused the problem.
In LockoutStatus.exe (Account Lockout and Management Tools) I could see from what domain controller the lock originated from. I logged on to the domain controller and checked the security logs in the event viewer. I found the event ID 4740, that explained that user account was locked out and I also found out the caller computer name.
After a quick check on the caller computer I located the problem and solved it by adding the new password for the account.