Spent countless hours resetting an Okta AD service account because it was constantly becoming locked out. Ultimately, the problem was the account being a member of both the Domain Admin group and the Service Account OU. This was remedied by creating a Service Admins group that gave service accounts limited administrator privileges.