We just recently released the product to our users to register.  Some have attempted to change their passwords and I'm see a LOT of the subject errors in the Change Password Audit Report.  Some are successful, but most are giving the subject error (shown below).  I've checked the policy and the root of the domain is checked and the "Don't inherit child OU(s)" is UNchecked.  I don't have to select every sub OU for the user accounts, do I?  The successful user is in an OU that is under the main OUs of the domain, so I can only assume that ALL OUs are inheriting the policy.