Resetting the password for a service account and failing to reset the same in the service control manager.
"Account Lockout Threshold" value set too low(less than 10 invalid logon attempts).
Forgetting the password due to strictly tightened password complexity and password length.(Recommended password length = 8 characters).
User logging on to multiple computers
Stored user names and passwords retain redundant credentials
Scheduled processes may be configured to using credentials that have expired.
Persistent drives may have been established with credentials that subsequently expired.
User properties must replicate between domain controllers to ensure that account lockout information is processed properly.
Disconnected Terminal Server sessions may be running a process that accesses network resources with outdated authentication information.
Virus or malwares taking control of RPC service and executing remote codes in all connected domain controllers and computers,causing bulk unexpected account lockouts.