Hello
Thank you for posting in Q&A forum.
An account is usually locked out because the account has changed their password but their device has not changed and is still sending login requests, so the first thing we need to do is find the device and clear the cached credentials. Make sure the user clears any cached credentials on their mobile device and reauthenticates with the updated password.
You can also go to DC01>>> open event view >>> security logs >>> find 4771 or 4776 log which relate with this user and check the source using this way to find the source machine.
Best regards
Yanhong
=====================================
If the answer is helpful, please click "Accept answer" and upvote it