Wednesday, September 18, 2013

How can I find out why specific AD accounts are being locked daily?

I usually have luck doing it this way:
  1. Run LockoutStatus.exe.
  2. Enter the username and find out which of your DCs was the source of the lock ("Orig Lock" column) and when it happened ("Lockout Time" column).
  3. Examine the Security log on the DC at that time and you will usually be able to pinpoint it to a specific machine.
  4. Once you have the machine, the cause is usually one of:
    • User has a scheduled task running in their name and their password has changed.
    • User has a disconnected RDP session.
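
Step 3 can be scripted. The following is an added example, not part of the original post: it pulls event ID 4740 ("A user account was locked out", an ID the post does not name) from the Security log of the DC found in step 2 and reports the caller computer. The function names, the 5-minute window and the sample names are assumptions.

```powershell
# Turn one 4740 ("A user account was locked out") event, as XML, into a flat record.
function ConvertFrom-LockoutEventXml {
    param([Parameter(Mandatory)][string]$EventXml)
    $e = ([xml]$EventXml).Event
    $data = @{}
    foreach ($d in $e.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeCreated      = [datetime]$e.System.TimeCreated.SystemTime
        DomainController = $e.System.Computer
        User             = $data['TargetUserName']
        # In event 4740 the "Caller Computer Name" is stored in TargetDomainName.
        CallerComputer   = $data['TargetDomainName']
    }
}

# Query the DC from step 2 around the "Lockout Time" and keep only the user in question.
function Get-LockoutSource {
    param(
        [Parameter(Mandatory)][string]$DomainController,
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][datetime]$LockoutTime,
        [int]$WindowMinutes = 5   # assumed search window either side of the lockout time
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 4740
        StartTime = $LockoutTime.AddMinutes(-$WindowMinutes)
        EndTime   = $LockoutTime.AddMinutes($WindowMinutes)
    }
    Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-LockoutEventXml -EventXml $_.ToXml() } |
        Where-Object { $_.User -eq $UserName }
}

# Constructed sample event (DC01, jdoe and WKSTN-042 are made-up names) for an offline check.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4740</EventID><TimeCreated SystemTime="2013-09-18T09:14:07.0000000Z" />
    <Computer>DC01.example.local</Computer></System>
  <EventData><Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">WKSTN-042</Data></EventData>
</Event>
'@
ConvertFrom-LockoutEventXml -EventXml $sample
```

Against a live DC, call `Get-LockoutSource` with the "Orig Lock" DC and "Lockout Time" from LockoutStatus.exe; the account running it needs permission to read that DC's Security log.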
