First Enable netlogon logs on source DC and review the log on lockout time, you find the lockout system/server details with IP address
Wait for next lockout and open %windir%\debug\netlogon.log to review the logs
Also Read: How to extract bulk object from AD with list of attributes (Part 1)
Some time even netlogon logs point to different DC/server, in that case you have to enable Enable netlogon logs on that DC/server to find the source of lockout
In my experience, find the sample account lockout scenario
All you have to do trace the lockout system by enabling netlogon logs to reach the actual lockout system
Also Read: Windows Server Administrator Interview Questions and Answers
Nltest /DBFlag:0x0