PS query of workflow definitions

Question: Can you query the rules associated with the start of an ARS Automation Workflow, and return information about whether or not runas is used within the workflow start conditions?

Reasoning: I have a unique problem I'm tracing the source of our production domain proxy account lockout.

I have all-but eliminated scheduled tasks as a source of this bad password activity.  Subsequent lockouts occur only when our 3 strikes threshold is crossed.

Which is about - 2 or 3 times a day.

Checking domain controller lastbad password attempts shows that every hours ( of every day ) - at :53 minutes past the  hour, a bad password attempt is sent from our JOB server for our proxy account.

We have no scheduled tasks with a precise start or finish time around that value -

If we stop the service on that lone host ( of 8 servers using the same config ), the bad password attempts  stop.  So, the issue is inside the  house.

Now I turn to workflows as a potential source -  I wrote this PS> line to  pull the current state of the workflow enable/disable status …

(get-qadobject  -SEARCHROOT "CN=Workflow,CN=Policies,CN=Configuration" -IncludedProperties EDSAWORKFLOWISDISABLED | SELECT NAME, edsaWorkflowIsDisabled)

I tried -includedallproperties  in the search - and exported to a file so I could query for any instance of 'runas' on the workflow … and found no reference.