A Privileged Access Management (PAM) administrator has noticed that, periodically, users' passwords are not getting rotated in Active Directory.
Looking into it further, Microsoft's Event Viewer shows the following event:
Windows Event ID 4724, which indicates that a new password does not meet the domain or local password policy. This event can occur when a user attempts to reset another account's password.
A Windows Domain Policy was defined that used the following setting:
Disallow consecutive identical characters
for which we don't have an exact equivalent.
Traditionally, there should be only one Password Composition Policy in the picture, not both a PAM one and an Active Directory one.
Nonetheless, in this particular case, we don't have the exact setting in PAM, but we updated our Password Composition Policy to also include:
After this, the issue no longer appears.
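
The following added example (not PAM or Microsoft code) shows why a mismatch like this fails only periodically: a random generator with no repeat rule emits an adjacent repeated character in a fraction of its passwords, and a domain rule such as "Disallow consecutive identical characters" refuses exactly those. The 70-character alphabet, the 16-character length and all function names are assumptions, not PAM's actual policy values.

```python
import secrets
import string

# Assumed character set and length; the page does not give PAM's real policy values.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
LENGTH = 16


def has_consecutive_identical(password: str) -> bool:
    """True if any character is immediately followed by the same character."""
    return any(a == b for a, b in zip(password, password[1:]))


def expected_rejection_rate(alphabet_size: int, length: int) -> float:
    """Probability that a uniformly random password contains an adjacent repeat."""
    if length < 2:
        return 0.0
    return 1.0 - (1.0 - 1.0 / alphabet_size) ** (length - 1)


def generate_unconstrained(length: int = LENGTH) -> str:
    """Generator with no repeat rule: the mismatched state described above."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def generate_compliant(length: int = LENGTH) -> str:
    """Generator that never emits the same character twice in a row."""
    chars = []
    while len(chars) < length:
        c = secrets.choice(ALPHABET)
        if not chars or c != chars[-1]:
            chars.append(c)
    return "".join(chars)


def observed_rejection_rate(generator, samples: int = 20000) -> float:
    """Fraction of generated passwords the domain-side rule would refuse."""
    hits = sum(has_consecutive_identical(generator()) for _ in range(samples))
    return hits / samples


if __name__ == "__main__":
    print(f"expected:      {expected_rejection_rate(len(ALPHABET), LENGTH):.1%}")
    print(f"unconstrained: {observed_rejection_rate(generate_unconstrained):.1%}")
    print(f"compliant:     {observed_rejection_rate(generate_compliant):.1%}")
```

With these assumed values roughly one rotation in five would be refused by the domain, while the compliant generator is never refused on this rule.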