The problem with non windows devices is that they cache the password and don't understand the Domain infrastructure to know to ask for an updated password. Instead they just keep retrying the password to connect to the SSID until it locks the account. The best way to solve the permanently i have found is to move to Certificate based authentication(EAP-TLS)
As for where the user is, you might be able to see their device in the Logon role in your user database, and from there you would see which AP they have associated with, which could give you a rough idea of where the user is.
If someone has any tips on how to manage username/passwords on a iOS device and prevent the lockout that would be great, as I know we have other customers who have this issue, and cannot move to certificate auth.
-ELiasz