Updates to a Windows 2008 Fine grained password policy are not being applied to a Quest Authentication Services (QAS) user.
This is also known as a Password settings object (PSO)
The Fine grained password policy is read by the account used to join the server to the domain.
By default the policy cannot be read by the computer object. (host/)
Quest Authentication Services will have outdated settings if the policy is updated after the inital join.
Run the following command to keep the policy updated after the join:
# /opt/quest/bin/vastool -u <admin account> flush pwdpolicies
To display the current settings for a particular user use the following command:
# /opt/quest/bin/vastool -u <admin account> info adsecurity -u <username>