The domain functional level is 2008.
I have set a Fine Grained Password Policy with maximum password age of 30 days along with other settings that are similar to existing password policies. I set the precedence number to a lower number so it would have higher precedence than any other pso.
It is applied to a security group. I have checked each member of the security group effectivepso using the dsquery command and each group member shows the effecitvepso as the one configured with the new password policy maximum password age set as 30:00:00:00.
However, when I run the command net user username /domain on any of those users, the "Password expires" field still shows a date that is more than 30 days in the future. This indicates that the policy is not being enforced.
What could be causing this issue?
I have tried doing gpupdate /force and it has not changed the output of the net user command.
I reran the querey dsquery user -samid username | dsget user -effectivepso
and now it only lists the result as "effectivepso" instead of the actual pso name.
