Before Windows Server 2008, passwords were only managed via the Default Domain Policy GPO. From Windows Server 2008, Microsoft introduces Password Settings Object (PSO) . A Password Settings Object (PSO) is an Active Directory object that enables to apply Fine-Grained password policy linked to users or groups object. However in Windows Server 2008, PSO could only be created with PowerShell command. This object contains all password settings that you can find in the Default Domain Policy GPO (password history, complexity, length etc.). A PSO can be applied to users or groups. When PSO is applied on some users, there are no longer using password policy from Default Policy Settings GPO. Instead they use the PSO settings. Because PSO can be applied to a group, a user can be linked to two PSO. However only one PSO can be applied to users. So in this case an RSoP (Resultant Set of Policy) must be calculated to apply one PSO. The RSoP calculation is based on a PSO parameter called Precedence which is a number. The PSO with the lowest number win and is applied. So the lowest Precedence number is always applied.