Hello Kunal Kant Sahu,
Thank you for posting in Q&A forum.
Yes, a domain controller can be the source device for an account lockout. This typically occurs when there are multiple failed authentication attempts on the domain controller itself, either due to incorrect password entry or multiple failed logon attempts. When this happens, the domain controller logs the relevant account lockout details under Event ID 4740 under the "Security" log under the Event Viewer.
If you are unable to see event ID 4740 on the domain controller. You need to enable the audit policy on the DC. “Enable Audit Account Lockout”, “Audit Login”, “Audit Logout Policy”, under “Computer Configuration” – “Policies” – “Windows Settings” – “Security Settings” – “Advanced Audit Policies” – “Login/Logout”. Also enable "Audit Account Management" in the "Account Management" section: Success. I hope the information above is helpful. If you have any question or concern, please feel free to let us know. Best Regards, Yanhong Liu
If the Answer is helpful, please click "Accept Answer" and upvote it.