During the vulnerability scan of the AD, some accounts were found with a blank password and UserAccountControl AD attribute set to 544 (mix state of normal account 512 + password not required 32).
Release : 14.4
Logs show that account creation failed due to the error: Unable to set Password Reason: Unwilling To Perform].
Since account creation is a multi-step process without rollback, this left account with a blank password, and the UserAccountControl attribute is set to 544 (mix state of normal account 512 + password not required 32).
The solution is to fix the underlying issue - in this case, password policies in IM and AD are different.
Each time there is an endpoint account creation error administrator should analyze the error and decide if the account should be removed after the underlying cause is fixed.