We recently started authenticating AnyConnect client users via LDAP. Once in place, we noticed that our AD password policy was now being displayed in the AnyConnect username/password dialogue box (see highlighted blurred text in attached pic) . 

We then noticed that there was typo error in the text of the password policy. When going into AD to correct the text we were  unable to find where this text is defined in AD or the domain controllers - does anyone out there know where this text is defined in AD or on the domain controllers?

I have confirmed that the text is not being pulled from the ASA -  configuration> remote access VPN > network (client) access > AnyConnect customization/localization> GUI text and messages. As mentioned above - the password policy started showing up when we pointed the ASA at AD.

I have highlighted the password policy text found in the AnyConnect u/p dialogue box below.