Hi @Nikil Lepcha
I'm assuming that the user is logging into Windows workstations or servers that are joined to an AD. The reason I ask is that by default AD will only accept the current password; it doesn't accept n-1 or n-2 passwords. This functionality only exists for computer accounts and is limited to n and n-1 passwords. Unless you have additional services installed on the DCs to support this functionality. Can you share the details of your new lockout policy?
Are there multiple accounts that are showing this problem or just this one?
The presence of a user profile on a machine will not cause a logon event; this will only happen if the user has started an RDP session and disconnected the session or left a machine logged on. Typically, in this scenario, the logon event happens as the session tries to access resources that were opened while the user was using the session, or mapped drives opened with credentials.
You can use NetTools to identify which systems are causing the logon and see if there are any sessions still running for the user.
Gary.