This occurs when the Active Directory password timeout is different from the web.config setting for "UserManagementMaxPasswordAgeInDays" and the user login date is a period between the two. 

Example: 
Active Directory timeout = 90 days. 
Web.conifg setting is = 42
User logs in on day 72 
User receives message that password will expire in -30 days 

To prevent this scenario, make sure the values of Active Directory password and web.config setting match.