With Friendly errors enabled CAM will pass on the exact error message it receives from AD to the user. So if the error message shown when the user tries to log into CAM matches the error message shown when the user tries to log into Windows. If the Admin locks an account I don't think it will show account locked for example.
In Settings > Configuration Settings
Look for the heading Show Friendly Errors and check the box next to Show friendly authentication errors
This is turned off by default to avoid exposing any extra information as a precaution.
You could test that 'Friendly errors' is working as expected by expiring a user's password.
To expire a user's password run the following commands in Powershell on the AD server, changing the DN to something specific however:
# Bind to user object in AD.
$User = [ADSI] "LDAP://cn=Test User,cn=Users,dc=owa2010,dc=local"
# Expire password immediately.
$User.pwdLastSet = 0
# Save change in AD.