Active Directory User Federation and Password Expired

Hi, we have an User Federation binding to Active Directory. In Mappers we added “msad-user-account-control-mapper”.

But, occasionally we got an User with expired password that can authenticate against Keycloak.

Why could this be occurring?