Password Expiration Notification (PEN) operates with a pretty simple algorithm: it gets the following values from Active Directory:
1. Pwd-Last-Set attribute (pwdLastSet)
2. Maximum password age
3. E-mail-Addresses attribute (mail)
Then PEN calculates how many days remain until the password expires using the following formula:
Maximum password age - (current day - pwdLastSet)
I do not think something is wrong with PEN; maybe the password had been changed for that user before you ran the report, or you changed some settings of PEN.
Settings are as follows:
Enable Password Expiration Notifier - Checked
Send reports to administrators - Checked
List users whose accounts or passwords expire in days or less - 14
Advanced - Configure:
Include data on expiring accounts in reports - Checked
Ignore users with "Change password at next logon" option enabled - Checked
Ignore users with "Password never expires" option enabled - Checked
Ignore users who do not have email accounts - Checked
Ignore users whose passwords have already expired - Checked
Specify the account that will be used for data collection from the managed domain - Checked
This, however, still does not explain why the list of accounts in the automated e-mail would so wildly differ from the list in the manually generated report.
For example, today's automated e-mail listed 3 accounts with expiry in 2, 4, and 4 days respectively. However, a freshly generated manual report lists 3 entirely different accounts with expiry in 11, 12, and 12 days respectively. None of the accounts in one list are also in the other list.
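
The calculation and filters discussed in this thread, as an added example that is not part of the original posts and is not PEN's own code: it applies the quoted formula to constructed Active Directory records and skips the users that the listed "Ignore" options would skip. The 42-day maximum age, the sample accounts, and treating a negative result as "already expired" are assumptions.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DONT_EXPIRE_PASSWORD = 0x10000  # userAccountControl bit: "Password never expires"

def to_filetime(dt):
    """datetime -> 100-ns intervals since 1601-01-01 UTC (format of pwdLastSet)."""
    d = dt - FILETIME_EPOCH
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def from_filetime(ft):
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def days_left(pwd_last_set, max_age_days, now):
    """Maximum password age - (current day - pwdLastSet), in whole days."""
    return max_age_days - (now - from_filetime(pwd_last_set)).days

def expiring(users, max_age_days, threshold_days, now):
    """Map sAMAccountName -> days left, after the thread's 'Ignore' filters."""
    report = {}
    for u in users:
        if u["pwdLastSet"] == 0:                 # change password at next logon
            continue
        if u["userAccountControl"] & DONT_EXPIRE_PASSWORD:
            continue
        if not u.get("mail"):                    # no e-mail address
            continue
        left = days_left(u["pwdLastSet"], max_age_days, now)
        if left < 0:                             # assumption: negative = already expired
            continue
        if left <= threshold_days:
            report[u["sAMAccountName"]] = left
    return report

# Constructed sample data (not from the thread).
NOW = datetime(2024, 3, 15, 12, 0, tzinfo=timezone.utc)
def _user(name, age_days, uac=0x200, mail="x@example.com"):
    pls = 0 if age_days is None else to_filetime(NOW - timedelta(days=age_days))
    return {"sAMAccountName": name, "pwdLastSet": pls,
            "userAccountControl": uac, "mail": mail}

USERS = [_user("alice", 40), _user("bob", 30), _user("carol", 50),
         _user("dave", 41, uac=0x200 | DONT_EXPIRE_PASSWORD),
         _user("erin", None), _user("frank", 39, mail=None), _user("gina", 10)]

if __name__ == "__main__":
    print(expiring(USERS, max_age_days=42, threshold_days=14, now=NOW))
```

Feeding it the attribute values as they stood when each report was produced shows whether a changed pwdLastSet or a different filter setting moves a user in or out of the list.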