Dan asked (a long time ago, sorry Dan) that he was getting notifications of accounts being locked out due to invalid password attempts. Dan's assuming this is because someone is trying to hack into an account and wanted to know how to stop SBS usernames from being "broadcast".
Unfortunately, the question makes a fundamental assumption, that SBS somehow is broadcasting usernames. This is not the case, but it probably doesn't take someone long to figure out a username for your users.
For example, if your user's e-mail addresses and logon names are identical, then once they get an e-mail address for a user they can simply use that as their username for their attempt and start a dictionary attack.
How does one get a valid e-mail address? Simple: start at firstname.lastname@example.org, end at email@example.com, and try every combination in between. Run a script to send to your SBS server a piece of spam that will just get deleted by your ordinary user. Wait for NDRs to return for the non-valid addresses, subtract the rest, and you have a user list.
2 ways to obscure this information:
Your most effective way of making sure that no one cracks your accounts is to enforce strong password policy. In Dan's case, though, it doesn't help his users who are getting locked out of their account legitamately. In that case, your best effort is to take some time and try to determine the IP address of the offending attempts and then block these at your router or higher up.