I've got one user who's password expired in AD a few days back and hasn't been able to get into their mailbox since.

We've reset their password, disabled account expiration and they still cannot get into Zimbra.

Here is the error I see in mailbox.log

Code:
2011-02-23 15:30:27,828 INFO  [btpool0-9://localhost:8443/service/soap/AuthRequest] [name=xxxxx@xxxxxxxxxx.ca;oip=96.54.251.188;ua=zclient/6.0.10_GA_2692;] SoapEngine - handler exception: authentication failed for xxxxx, external LDAP auth failed, [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 701, vece]
According to the Zimbra Wiki 701 means the account is expired. In the Zimbra admin console I see their account as active.

So what's going on and how do I fix this?

We're running Zimbra 6.10 on CentOS and are authenticating off a Windows Server 2003 Domain Controller. None of my other users are having problems logging in.