GPO-based vs. fine-grained policies
Microsoft has two solutions for deploying the requirements for Active Directory domain users passwords. The requirements, referred to as the password policy, can be deployed through Group Policy Objects (GPOs) or through Active Directory objects called fine grained password policies (FGPPs). Both solutions have the same list of constraints, such as minimum password length and maximum password age, but the details around the implementation are radically different.
Deploying a password policy using a GPO is the seasoned solution, since it was introduced when Active Directory was released in 2000. By default, the password policy is configured in the Default Domain Policy, which is linked to the domain node. Figure 1 illustrates what the password policy has been for the past ten or more years.
Read the entire article here, GPO-based vs. fine-grained policies « ManageEngine Blogs
via the fine folks at ManageEngine