Hello...

We have Windows Server 2012 R2, where we have a server named AD-1 and is the primary so to speak and AD-2 is the secondary, meaning only AD-1 can send out the changes. 

We are using ADself service Plus. Not sure where to look to get the version number.

We have about 100 users, some users when they go to the portal, can change their passwords to a password they had the day before without issues, and some cannot.
I have remembered passwords to 5 , so they should not be able to change their password to one from a couple days ago?!

I'm not sure what to look for? the account profiles are pretty much the same.

Number of old passwords to be restricted during password reset is set to 5
Should I be checking something in the group policy?
Password policy in domain group policy editor is

What more should I look for to figure this out?

Any help appreciated
Thanks and have a great day!