LOCKOUT (or UF_LOCKOUT flag)#This is technically the 0x00000010 bit in the User-Account-Control Attribute for Microsoft Active Directory.
The value denotes the condition implies the Active Directory account is locked from Intruder Detection.Lockouttime attribute can be set to 0 to unlock a previously locked account.
Warning#The LOCKOUT bit is only reset when the account is logged onto successfully. This implies that the LOCKOUT may be set, yet the account is not locked out. The only accurately method to determine if the account is locked out, you must add the Lockout-Duration to the lockouttime and compare the result to the current time. Be carful as depending on how you are reading the values you may need account for local time zones and daylight savings time.
Some more insight is provided on our page Active Directory Locked Accounts.