Hello balasubramaniam Perumal,
Thank you for posting in Q&A forum.
Find the account lockout source, which machine locked which AD domain account.
1.Check if you can see multiple Event ID 4771 or 4776 via Security log on DC/PDC.
2.Check whether you can see ID 4740 immediately after the event ID 4776 or event ID 4771 in the security log on the DC/PDC.
3.If these user accounts are not locked out by the same change or the same cause, you may need to check one domain user account first.
4.Find one locked account, and for this domain user account, if you can see Event ID 4771 or 4776 and Event ID 4740 related this domain account, can you see which machine lock (via event 4740 or 4776 or 4771) the user account?
After you find locked source, logon the machine locked out this account to try to check the reason.
• Check Credential Management to see if the user's old credentials are cached (Control Panel).
• Check whether the network disk is mounted with the wrong password.
• Check if the user started the service with the wrong password, run scheduled tasks, etc.
• Are there other third-party programs/application that cache incorrect passwords for user accounts.
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.