anotherjallen asked:
Default Domain Policy password settings not working correctly

In my Server 2008 R2 domain I have a password policy set at the domain level saying that passwords expire every 180 days. 41 days ago I forced a reset of all users' passwords and now everyone is getting a message saying that their password expires tomorrow. When I check the GPO it still says 180 days. When I look at the properties of the domain under AD Users and Computers it says password expires every 42 days, but I thought that only applied to the default domain administrator account. I did try changing that but it resets itself back to 42 days when I refresh. Any help would be greatly appreciated!!
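The number a user is told at logon does not come from the GPO directly. The PDC emulator applies the password settings of the GPOs linked at the domain level and writes them into attributes on the domain object itself (maxPwdAge, minPwdLength, pwdHistoryLength and so on); `net accounts`, the directory views and the per-account expiry computation all read those attributes. The PowerShell below, added here as an example and not part of the original thread, reads that attribute store directly, lists any fine-grained password policies that would override it, and reports what one account is actually told. It assumes the ActiveDirectory module (RSAT or a DC), PowerShell 3.0 or later, and `jdoe` as a placeholder account name.

```powershell
# Added example, not from the original thread. Where the effective domain password
# policy actually lives, and what a given account is told about expiry.
Import-Module ActiveDirectory

$domain = Get-ADDomain
Write-Host "Domain       : $($domain.DNSRoot)"
Write-Host "PDC emulator : $($domain.PDCEmulator)   (writes GPO password settings into the domain object)"

# 1. The cmdlet view of the domain policy: the same attributes 'net accounts' reports.
$policy = Get-ADDefaultDomainPasswordPolicy -Server $domain.PDCEmulator
$policy | Select-Object MaxPasswordAge, MinPasswordAge, MinPasswordLength,
                        PasswordHistoryCount, ComplexityEnabled, LockoutThreshold | Format-List

# 2. The raw attribute behind MaxPasswordAge: maxPwdAge on the domain naming-context head,
#    stored as a NEGATIVE count of 100-nanosecond ticks. Int64.MinValue means "never expires".
$head  = Get-ADObject -Identity $domain.DistinguishedName -Properties maxPwdAge -Server $domain.PDCEmulator
$ticks = [int64]$head.maxPwdAge
if ($ticks -eq [int64]::MinValue) {
    Write-Host 'maxPwdAge: passwords never expire'
} else {
    Write-Host ("maxPwdAge raw = {0}  ->  {1} days" -f $ticks, [TimeSpan]::FromTicks(-$ticks).TotalDays)
}

# 3. Fine-grained password policies (PSOs) override the domain policy for the users/groups they apply to.
$psos = Get-ADFineGrainedPasswordPolicy -Filter *
if ($psos) { $psos | Select-Object Name, Precedence, MaxPasswordAge, AppliesTo | Format-List }
else       { Write-Host 'No fine-grained password policies defined.' }

# 4. What one account is actually told. The DC computes msDS-UserPasswordExpiryTimeComputed
#    from pwdLastSet plus whichever policy wins (resultant PSO, else the domain attributes).
function Get-PasswordExpiryReport {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $u = Get-ADUser -Identity $SamAccountName -Properties PasswordLastSet, PasswordNeverExpires,
                                                          'msDS-UserPasswordExpiryTimeComputed'
    $pso = Get-ADUserResultantPasswordPolicy -Identity $SamAccountName   # $null when the domain policy applies
    $raw = [int64]$u.'msDS-UserPasswordExpiryTimeComputed'
    $expires = if ($u.PasswordNeverExpires -or $raw -eq [int64]::MaxValue) { 'never' }
               elseif ($raw -eq 0) { 'must change at next logon' }
               else { [datetime]::FromFileTime($raw) }
    [pscustomobject]@{
        User            = $u.SamAccountName
        PasswordLastSet = $u.PasswordLastSet
        Expires         = $expires
        PolicySource    = if ($pso) { "PSO: $($pso.Name)" } else { 'Domain object attributes (Default Domain Policy)' }
        MaxPasswordAge  = if ($pso) { $pso.MaxPasswordAge } else { $policy.MaxPasswordAge }
    }
}

# 'jdoe' is a placeholder; substitute a real sAMAccountName.
Get-PasswordExpiryReport -SamAccountName 'jdoe'
```

If step 1 and step 2 disagree with what the GPO editor shows, the GPO is not what the domain is enforcing; the attributes are, and only the PDC emulator's Group Policy processing rewrites them from the GPO.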
SOLUTION by Mike Kline (available to Experts Exchange members only)

ASKER

I did run an RSoP and the setting matches the default domain policy, which is where it is set to 180 days.
Another note: when I run "net accounts" it tells me that maximum password age is 42.
SOLUTION (available to Experts Exchange members only)
ASKER

I think I am. I have the default domain policy; in it I have specified that passwords expire after 180 days, and it specifies a max password length and complexity. This was added to the DDP a week before forcing the users to reset their passwords. I do not have any other GPOs linked at the domain level and I am not using Fine Grained Password Policies. When I set this up I was under the impression that when a user resets their password it will then check the password settings on a GPO only at the domain level and this then applies to their account. When I do a reset of a user now, then check their account using "net user /domain username", before the reset it would say it expired tomorrow, 42 days from the reset. After the reset it will say it was reset today but then lists the expiration as 180 days from today. So the settings are working now, but nothing has changed in group policy since the week before the reset, so that is where my greatest confusion comes from.
SOLUTION (available to Experts Exchange members only)
SOLUTION (available to Experts Exchange members only)
ASKER

The policy is applied to the entire OU structure; we do not have any blocking inheritance. I have run RSoP reports on both the DCs and the workstations and they all say that the DDP is being applied.

As near as I can tell there is nothing wrong with the GPO or with it being applied. Is there anywhere else at all that could be causing the accounts to see 42 days?

I also checked to make sure that we do not have fine grained password policies in use.  We do not.

I also tried running Get-ADDefaultDomainPasswordPolicy from PS and it lists the expiration time as 42 days. When I run Set-ADDefaultDomainPasswordPolicy it changes it to 180 days, but after about a minute it changes it back to 42. Could this be a replication problem between my DCs? I have 5 total and 2 are RODCs.
SOLUTION (available to Experts Exchange members only)
ASKER

I think I have an idea on what was causing this. We have 5 DCs, two are RODCs. The one that hosts the PDC emulator was the one that all of the GP changes were being made to. When I changed to check the GPO by specifying a different DC, the Default Domain Policy had different settings. So apparently our GPOs are not replicating between all of our DCs, and that is probably what caused the issue. I do know that replication works for AD, DNS and DHCP, so not sure why just those are not working, but I am going to run a few tests and check replication logs to see.

Does this sound like anything you have run into before?
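Rather than opening the GPO editor against one DC at a time, the script below, added here as an example and not part of the original thread, asks every DC for three things and compares each against the PDC emulator: the Default Domain Policy's version numbers in that DC's AD replica and in its SYSVOL copy (a gap between the two, or between DCs, means the policy has not converged), the MaximumPasswordAge and related lines in that DC's SYSVOL copy of GptTmpl.inf (the file the security settings actually live in), and the maxPwdAge attribute on the domain object as that DC's replica holds it. It assumes the ActiveDirectory and GroupPolicy modules, PowerShell 3.0 or later, and read access to each DC's SYSVOL share; the GUID is the fixed one every domain's Default Domain Policy uses.

```powershell
# Added example, not from the original thread. Compare the Default Domain Policy and the
# resulting domain password attributes as each DC sees them, PDC emulator as the reference.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domain  = Get-ADDomain
$ddpGuid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'   # well-known GUID of the Default Domain Policy

# Pull the [System Access] password keys out of one DC's SYSVOL copy of the security template.
function Get-SysvolPasswordSettings {
    param([string]$DC, [string]$DnsRoot, [string]$Guid)
    $inf = "\\$DC\SYSVOL\$DnsRoot\Policies\$Guid\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf"
    $result = @{ MaximumPasswordAge = $null; MinimumPasswordLength = $null; PasswordComplexity = $null }
    if (-not (Test-Path -LiteralPath $inf)) { return $result }   # missing template is itself a finding
    foreach ($line in Get-Content -LiteralPath $inf) {
        if ($line -match '^\s*(MaximumPasswordAge|MinimumPasswordLength|PasswordComplexity)\s*=\s*(-?\d+)') {
            $result[$Matches[1]] = [int]$Matches[2]
        }
    }
    $result
}

$rows = foreach ($dc in Get-ADDomainController -Filter *) {
    $name = $dc.HostName
    try {
        # GPO version as stored in this DC's AD replica and in this DC's SYSVOL.
        $gpo   = Get-GPO -Guid $ddpGuid -Server $name
        # Effective domain attribute on this DC's replica (negative 100-ns ticks; MinValue = never).
        $head  = Get-ADObject -Identity $domain.DistinguishedName -Properties maxPwdAge -Server $name
        $ticks = [int64]$head.maxPwdAge
        $days  = if ($ticks -eq [int64]::MinValue) { 'never' } else { [TimeSpan]::FromTicks(-$ticks).TotalDays }
        $inf   = Get-SysvolPasswordSettings -DC $name -DnsRoot $domain.DNSRoot -Guid $ddpGuid
        [pscustomobject]@{
            DC                  = $name
            IsPDC               = ($name -ieq $domain.PDCEmulator)
            IsRODC              = $dc.IsReadOnly
            GpoVersionAD        = $gpo.Computer.DSVersion
            GpoVersionSysvol    = $gpo.Computer.SysvolVersion
            SysvolMaxPwdAgeDays = $inf.MaximumPasswordAge
            SysvolMinLength     = $inf.MinimumPasswordLength
            DomainMaxPwdAgeDays = $days
        }
    } catch {
        [pscustomobject]@{ DC = $name; IsPDC = $false; IsRODC = $dc.IsReadOnly; Error = $_.Exception.Message }
    }
}
$rows | Format-Table -AutoSize

# The PDC emulator is where GPO password settings are written into the domain object,
# so anything that differs from its view is a DC that has not received the change.
$ref = $rows | Where-Object { $_.IsPDC }
foreach ($r in $rows | Where-Object { -not $_.IsPDC }) {
    foreach ($p in 'GpoVersionAD', 'GpoVersionSysvol', 'SysvolMaxPwdAgeDays', 'DomainMaxPwdAgeDays') {
        if ($r.$p -ne $ref.$p) { Write-Warning "$($r.DC): $p = $($r.$p), PDC emulator has $($ref.$p)" }
    }
}
```

Versions that agree in the AD column but lag in the SYSVOL column point at SYSVOL replication (FRS or DFSR depending on whether the domain was ever migrated; `dfsrmig /getglobalstate` tells you which) rather than at AD replication, which `repadmin /replsummary` and `repadmin /showrepl * /csv` cover. A DC whose own AD and SYSVOL versions disagree will keep applying the older copy of the policy until the two catch up.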
SOLUTION (available to Experts Exchange members only)
ASKER

I did a check for those event errors and I found a few, all from over 6 months ago, nothing more recent than that.
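Checking one server's Event Viewer by hand is easy to get wrong across five DCs, so here is a sweep, added as an example and not part of the original thread, that pulls the replication-related logs from every DC for a window of days. The event IDs given a meaning are well-known FRS, DFSR and Group Policy ones; anything else at Critical or Error level in those logs is reported with its provider name so that unfamiliar failures are not filtered out. It assumes the ActiveDirectory module and remote event log (RPC) access to each DC; logs that do not exist on a host (FRS versus DFSR) are skipped.

```powershell
# Added example, not from the original thread. Sweep every DC's replication-related logs
# for recent warnings and errors, tagging well-known FRS / DFSR / Group Policy event IDs.
Import-Module ActiveDirectory

function Get-ReplicationEventSweep {
    param([int]$DaysBack = 30)
    $since = (Get-Date).AddDays(-$DaysBack)
    # Which of these exist depends on whether SYSVOL is on FRS or DFSR; missing ones are skipped below.
    $logs = 'File Replication Service', 'DFS Replication', 'Directory Service', 'System'
    $knownIds = @{
        13508 = 'FRS: cannot replicate with partner (often the first sign of a broken SYSVOL)'
        13568 = 'FRS: journal wrap; SYSVOL replication stopped on this member'
        4012  = 'DFSR: replicated folder disconnected longer than MaxOfflineTimeInDays'
        2213  = 'DFSR: database stopped after dirty shutdown; waiting for manual resume'
        1058  = 'GroupPolicy: could not read gpt.ini from SYSVOL'
        1030  = 'GroupPolicy: could not query the list of GPOs'
    }
    foreach ($dc in Get-ADDomainController -Filter *) {
        foreach ($log in $logs) {
            try {
                # Level 1 = Critical, 2 = Error, 3 = Warning
                $filter = @{ LogName = $log; StartTime = $since; Level = 1, 2, 3 }
                Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction Stop |
                    Where-Object { $knownIds.ContainsKey($_.Id) -or $_.Level -le 2 } |
                    ForEach-Object {
                        [pscustomobject]@{
                            DC      = $dc.HostName
                            Log     = $log
                            Time    = $_.TimeCreated
                            Id      = $_.Id
                            Meaning = if ($knownIds.ContainsKey($_.Id)) { $knownIds[$_.Id] } else { $_.ProviderName }
                        }
                    }
            } catch {
                # Get-WinEvent throws both when no events match and when the log is absent on that host;
                # neither is a finding for this sweep, so move on to the next log.
            }
        }
    }
}

Get-ReplicationEventSweep -DaysBack 60 | Sort-Object Time -Descending | Format-Table -AutoSize
```

Run it with a window wide enough to reach back to when the policy was last edited; a DC that shows nothing at all in the DFS Replication or File Replication Service log over that window is worth a second look, since a member that has silently stopped replicating may log nothing new.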
SOLUTION (available to Experts Exchange members only)
ASKER CERTIFIED SOLUTION (available to Experts Exchange members only)
ASKER

Thank you all for your help!