I created this script to send a notification email about account lockouts. Just run as a Scheduled Task on all AD DCs.

Send-AccountLockoutEmail.ps1

<#
For use in a scheduled task on an Active Directory Domain Controller
Name: Lockout Email
Trigger: On event - Log: Security, Source: Microsoft-Windows-Security-Auditing, Event ID: 4740
#>

$AccountLockOutEvent = Get-EventLog -LogName "Security" -InstanceID 4740 -Newest 1
$LockedAccount = $($AccountLockOutEvent.ReplacementStrings[0])
$AccountLockedAt = $($AccountLockOutEvent.ReplacementStrings[1])
$AccountLockOutEventTime = $AccountLockOutEvent.TimeGenerated
$AccountLockOutEventMessage = $AccountLockOutEvent.Message

$From = "dc@somedomain.com"
$To = "support@somedomain.com"
$SMTPServer = "mailserver.somedomain.com"
$SMTPPort = "25"
# Username and Password if you don't have an anonymous SMTP/Send Connector
# not sure if this can be stored in a PSCredential object
#$Username = "username"
#$Password = "password"

$subject = "Account Locked Out: $LockedAccount"
$body = "Account $LockedAccount was locked out on $AccountLockOutEventTime.`n`nEvent Details:`n`n$AccountLockOutEventMessage"

$smtp = New-Object System.Net.Mail.SmtpClient($SMTPServer, $SMTPPort);

$smtp.EnableSSL = $false
#$smtp.Credentials = New-Object System.Net.NetworkCredential($Username, $Password);
$smtp.Send($From, $To, $subject, $body);