If you create users in Active Directory with passwords that violate the Directory Server password policy, those users will be created and synchronized in Directory Server, but the entries will be created without a password. The password will not be set until the new user logs in to Directory Server, which triggers on-demand password synchronization. At that point the login will fail because the password violates the Directory Server password policy.
There are several ways to recover from this situation:
- Force the user to change their password the next time they log on to Active Directory.
- Change the user password on Active Directory, and be sure the new password meets Directory Server password policy requirements.
You may want to review whether the password policies set on Active Directory and on Directory Server are equivalent (or as similar as possible).