password remains valid for 49705 day

I have User who get periodically locked out of our domain,  these are user who just user forward facing web application but their log in is tied to an Active directory account.

These user do not log into the domain, nor are their PC a member of the domain

I use the windows Password Lockout status tool  and find the error:

"Max Password age for User XXXX is 90 day"
"Current Password Age is 94 day ....."
"Password remains Valid for 49704 day......"

I have performed a web / google search and not found anything

User are  not getting notified by email by a third Party app that we use for self service password resets.  We user AD self Service by Manage Engine.

When we get the call this error is the same for every user with an issue

Associates who log on to the Domain and have member PC do not have this issue

Thanks ahead of time for any help
Alain LaverdureSystems AdminAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Do you have Active Directory Auditing Enabled? If you don't then you need to enable this which will help you find out where the account might be locking out (other means).

I have created a HowTo for Enabling Active Directory Auditing.

I would also recommend that you download Active Directory Auditor by Lepide Software which will also provide a great deal of insight on where/why/how the account is being locked out. You download the trial version which will get you started.

Active Directory Audit by Lepide Software

Alain LaverdureSystems AdminAuthor Commented:
Its not so much that they are getting locked out  as they are not getting notification for expiration.  and then when we reset or check the account the status is erroneous  

The Password remains valid is just a calculation based on the differenct of the max Pswd age and current Pswd age,  not sure why it is report erroneous information.

Thanks for the links i will definitely check
Alain LaverdureSystems AdminAuthor Commented:
This must have stumped other windows admins as well  I am sure someone esle has experienced this as well.
Alain LaverdureSystems AdminAuthor Commented:
Update:  after a week  I checked the password status for the same user and it is now normal.
Will SzymkowskiSenior Solution ArchitectCommented:
This could have been a replication issue within the domain.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.