The DBA privilege cannot be granted to a user (who has the CONNECT privilege) who is in password-invalid account lock status. You must first release the user from password-invalid account lock state, then you can grant the DBA privilege.
You use a REVOKE statement to revoke privileges from users in password-invalid account lock state.