Seeing how Password Reset is an admin function of AD (which requires no knowledge of the user's old password), and change password requires the end user to know their password before they can change it, we noticed that users are able to click the "reset password" link on Self Service Plus and simply re-use a previous password.
Setting a minimum age in group policy does nothing, as most users are smart enough to just reset it (rather than change it) just before it expires, so it's already past the minimum age, and the maximum age timer gets reset as well.
How are other folks getting around this?
On a side note (but directly related), our management team decided to use the "secure link" function as opposed to sending them a temporary password which the end user would then use to "change password" (which alleviates the entire problem).
However, they feel that sending a secure link is easier for the end user versus sending a temporary password, which they would have to use to log in in order to change their password.
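
One way to measure how widespread the reset-just-before-expiry pattern described above is. This is an added example, not part of the original post. It assumes Security events 4723 (user changed own password) and 4724 (password reset by another account) have been exported to CSV, that the self-service tool performs its resets under a service account (the name `svc-selfservice`, the CSV column names and the 90-day maximum age are all hypothetical), and it runs on constructed sample rows.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: time, event ID, account that made the call, target.
# 4723 = user changed own password, 4724 = password reset by another account.
SAMPLE = """time,event_id,subject,target
2024-01-02T09:00:00,4723,alice,alice
2024-03-28T08:15:00,4724,svc-selfservice,bob
2024-04-01T10:00:00,4723,alice,alice
2024-06-24T08:05:00,4724,svc-selfservice,bob
2024-06-29T16:30:00,4723,alice,alice
2024-07-10T11:00:00,4724,helpdesk1,carol
2024-09-20T08:10:00,4724,svc-selfservice,bob
"""

def near_expiry_resets(rows, reset_account, max_age_days=90, window_days=7):
    """Return {user: count} of resets made by reset_account that landed in
    the last window_days before the previous password would have expired."""
    last_set = {}                      # user -> time the password was last set
    hits = defaultdict(int)
    for row in sorted(rows, key=lambda r: r["time"]):   # ISO times sort as text
        event, user = row["event_id"], row["target"]
        if event not in ("4723", "4724"):
            continue
        when = datetime.fromisoformat(row["time"])
        prev = last_set.get(user)
        if event == "4724" and row["subject"] == reset_account and prev:
            expires = prev + timedelta(days=max_age_days)
            if expires - timedelta(days=window_days) <= when <= expires:
                hits[user] += 1
        last_set[user] = when          # both events restart the max-age timer
    return dict(hits)

def flag_users(csv_text, reset_account="svc-selfservice", threshold=2, **kw):
    """Users with at least `threshold` near-expiry self-service resets."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    counts = near_expiry_resets(rows, reset_account, **kw)
    return sorted(u for u, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(flag_users(SAMPLE))
```

The events only show the timing of resets; they cannot show whether the new password matches an old one, so flagged accounts are candidates for follow-up rather than proof of re-use.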