Hello
Welcome to Centrify Community!
The Keychain Access app can be used to re-sync the login keychain with the user's current AD password. If the password for the login keychain is not known, it may be necessary to delete the existing login keychain and create a new one, though this will delete all existing app passwords that were associated with the user's account.
As a test, may we know if you are open to removing the existing login keychain and update the password on AD again to see if the issue still persist?
Please keep us posted with any update or result. Thank you!
BR,
Ivan