Hello @Sachin Shinde ,
Thank you so much for posting here.
The built-in domain administrator account will not be locked out actually. It still could be successfully logged in as soon as the correct password is used.
I did the test in my lab. Configured the account lockout policy as shown below. Logged on to the BDC with the domain admin account and typed the wrong password many times. There were events logged on the BDC as shown below.
Then on the PDC, I could see the event ID 4740 and 4771. Even though there is event 4740, the admin account could still be logged in as soon as the correct password is used.
Please note that only the built-in administrator account will not be locked out.
Have we made any changes from last few days, such as changing the password of this account?
Next to event 4740, could we find the event ID 4771 or 4776? If we could find the event 4771, then we could find out the failure code.
For more information about event 4771, please refer to:
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4771
For any question, please feel free to contact us.
Best regards,
Hannah Xiong