Windows Server 2008 R2
in my group policy, i have an OU that contains all users and computers. in this OU, i created a policy such that passwords are:
enforce password history: 6
max password age: 90 days
min password age: 1 day
min password length: 8 chars
password must meet complexity requirements: enabled
this has been set many months before. prior to that, our max password age was 45 days.
now, even if i forced gpupdate, users are only getting the 45 days max password age. i'm not sure where it is coming from and why the 90 days is not being enforced.
i looked at the default domain policy and it is empty so that 45 days settings isn't coming from there.
i know my gpo works because when i do changes for IE, they are being pushed to my users just fine.
is there any other place i might have overlooked that could still be holding this 45 days max password age?