Do you have ANY possible physical path from that interface to the vlan where the users are? Could someone have inadvertently cross-connected something unintentionally or other (even as a test)? You can forward IP requests that would cross VLAN boundaries via DHCP helper-address, but it will still only provide IP addresses suitable for the interface (and ANY interface) physically connected to the users' VLAN or physical segment.
I have seen users connect a linksys router onto a network, and the linksys will then provide bogus addresses for the network; but that's perfectly explainable, as it's effectively a DHCP server directly connected.