Here is a easy way to find out where the user is trying to logon to. Great way to find out why they always have account lockout.
To enable netlogon logging: Nltest /DBFlag:2080FFFF
An log under %windir%\debug\netlogon.log will be created and here we can see where the user is trying to logon to.
To disable netlogon logging: Nltest /DBFlag:0x0