Hello Andrew Saliba,
Thank you for posting in Q&A forum.
Do you have more than one Domain Controller in this domain? If so, maybe the account was locked on multiple DCs, we can check the security log (event ID 4776 and event ID 4740) about this account on non-PDC.
Please check the "Account Lockout threshold" value, and if "Account Lockout threshold" value is 5, you will see 5 entries event IDs of 4776 and then you will see the event ID of 4740, 4740 means the account is locked out.
Please check if you can see "caller computer name" through event 4776 or event ID 4740.
The first thing we should check is: which machine the account is locked on, then we can check which app/program is using the wrong credential of this account, at last, we can delete/remove the wrong credential on specific app/program.
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.