Can you find where/when this happens? Is this for *every* user profile? How do you get into the system to reset them?
Take a look at one of the profiles, is the password expired or has it been disabled by too many invalid sign-on attempts? Maybe you have a hacker trying to get into your system – do you have any external access to the machine?
Take a look at the system log (DSPLOG) for the weekend, see if you can find which job changes the user profiles. Take a look at your scheduled jobs (WRKJOBSCDE) to see whether there’s a job scheduled to do this in the weekend. Try looking at your QSYSOPR messages to see whether there’re any messages about this.