The user is locked out locally. An entry like one of the following can be seen in /etc/shadow or /etc/passwd, depending on the O/S
Since files are checked before QAS, if the user exists locally and is locked out, AD is never checked for a password.
Enable the user locally. If the user should not have access to the local account, say for security or auditing reasons, set the local user's password to some long random string that the user does not know.