A user's account keeps getting locked out in Active Directory. It's probably caused by an app that's using Windows authentication to connect to SQL Server.
Is there a way to find out which app is causing it and why the app might be causing failed login attempts?
Best Answer
Have a look at the Account Lockout and Management Tools available on the Microsoft Download Center. Specifically LockoutStatus.exe and EventCombMT.exe. You might not be able to exactly pinpoint where the lockout is coming from but you should be able to narrow it down quite a bit to make it easier to see.
Here are a couple more Technet articles that might help:
Maintaining and Monitoring Account Lockout
Account Lockout Tools (description of the tools in the download linked to above)
Using the checked Netlogon.dll to track account lockouts
Enabling debug logging for the Net Logon service