The Windows domain feature for locking accounts can be a helpful feature against malicious attempts to guess a password via brute force.
The version of netlogon.dll that has tracing included is installed by default on all currently supported versions of Windows. To enable debug logging, set the debug flag that you want by using nltest.exe, the registry, or Group Policy.
You will have to adjust a few policy settings to get the DCs to audit logon events. This are usually set correctly, but it can be worth a check of the environment to make sure the DCs are get the proper audit settings.
Audit account logon events for domain accounts and Audit logon events for logons to the computer.
The Event IDs we are most concerned with are under the Windows Logs > Security section of Event Viewer.