The first time the policy is invoked, the security policy will check the last password date, which appears to come from the notes.id file rather than from the person document, as you have indicated. If the last change date is greater than 90 days, then the security policy settings are applied.
In my experience, if you are going to implement security settings via policy documents, it is best to remove the previous process -- that is, standard password checking through the Domino Directory -- and then apply the security policy once password checking (i.e., Domino Directory, "Actions" menu, "Set Password Fields," "Don't Check password") has been disabled.
Dig deeper on Lotus Notes Domino Password Management
Related Q&A from Mathew Newman
SearchDomino.com Sametime administration expert Mathew Newman explains-step-by-step how to enable communication between multiple Lotus Sametime ...continue reading
If Lotus Sametime users on different "home" servers cannot see each other online, you may need to change your Sametime server awareness by creating ...continue reading
SearchDomino.com's Sametime administration expert Mathew Newman offers advice to a Lotus Notes administrator looking for resources for deploying ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.