Windows XP User's LAN ID locked out in AD

Some of our users are using Windows XP Professional, and
the AD is built up with Windows 2000 Server. The following
domain security policy: Password will expire in 36 days,
can not be same with previous 6 passwords.
The donmain account of the XP user will locked out
automaticly when their password expired, and can not log
on to the domain any more even the system administor has
unlocked the user's ID. To let the user able to log on
again, the system administrator must remove the user
profile for this user, and then let them log on again to
create a new profile in the user's PC.

Kindly comment how to resolve this, thank you.