I inherited a domain a while back that had what I later came to find out a fine grained password policy. We were looking at trying to find where the policy was coming from and ended up editing a setting in the default domain policy. We changed the password expiration to 180 days. Ran a check from powershell
and it read that 180 day setting correctly, I went and changed it back to undefined. I just ran that same powershell command above and the setting seems to have held even the the setting in the gpo is undefined.
Now we have passwords expiring that shouldn't. My question is why is that setting still being seen? I have checked every GPO on each DC and they all show that computer configuration/Windows Settings\Security Settings\Account Policies\Password Policy as undefined.
Why is this setting hanging around?