Within a PSO, an administrator can define specific password configurations, including password complexity requirements, minimum password age, account lockout duration, account lockout threshold, and maximum password length (AD DS: Fine grained, 2012). A group can have multiple PSOs defined, but the priority setting of the object will determine which settings are applied. When a user has been assigned a PSO, the default domain password policy is