Situation: In an identity Managed environment, where passwords are synched
back and forth from AD to an IDVault, and then on to another EDIR Tree, a
number of users inexplicably had their password expiration set to Jan 1,

To the best of my knowledge, none of these users changed their password, or
had it changed administratively. A password change is the only reason
(other than directly setting it) that a password expiration date changes,

The only correlating activity is that in the downstream/"spoke" Edirectory
tree (not the IDVault "hub") someone changed the Universal Password Policy
to increase the minimum required characters from 5 to 8. The UP Policy is
NOT set to verify password compliance at authentication.
This "should" be a transparent change, right?

So if changing the minimum characters "should" be transparent and definitely
not affect the expiration date, what scenarios could possibly cause the
dates to reset?
Could a change made by a driver be perceived as an admin change? I am
synching nspmDistributionPassword between systems, and using Distribution
Password, which I believe avoids that scenario.