Active Directory Fine Grained Password Policies

By steve, 18 August, 2015

Windows password policies set through a GPO are applied at the computer level. If a GPO with a password policy is linked at the top "domain" level, it affects all user accounts in AD. If a GPO with a password policy is linked at an OU level, it affects only the local accounts on the computers that sit in that OU tree.

Fine grained password policies have existed since Windows Server 2008. They are set up by creating a Password Settings Object (PSO) in the CN=Password Settings Container,CN=System,DC=<YourAD>,DC=<domain> container and linking that object either to a user or to a global security group (note that it will not work for a universal group).

The process for setting up a password policy is as follows (on a 2012R2 domain controller or machine with RSAT installed):
1. Open “Active Directory Administrative Center”
2. Click on the arrows next to the domain, then “System”, then double-click on the “Password Settings Container”
3. In the right-hand menu select New->Password Settings
4. Enter a name and a precedence (when multiple policies apply to the same user, the one with the lower precedence number wins), then fill in the settings you want for the password policy
5. Add items at the bottom to apply to users and/or groups
Note: The above settings can also be configured with ADSI Edit, but Active Directory Administrative Center checks the input more thoroughly. E.g. in ADSI Edit you can link the password policy to a universal group, but the policy will not be applied because it only works with global groups.
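The same procedure as a PowerShell script, added here as an example (it is not part of the original post). It assumes the ActiveDirectory RSAT module is installed and the caller has rights to create objects under the Password Settings Container; the policy and group names are placeholders. It also performs the group-scope check that ADAC does for you and the cmdlets do not.

```powershell
# Added example: create a PSO and link it to a global security group.
# Assumes the ActiveDirectory module (RSAT) and a Domain Admin session.
Import-Module ActiveDirectory

$policyName = 'PSO-PrivilegedUsers'   # placeholder PSO name
$groupName  = 'Privileged-Users'      # placeholder global security group

# Caveat from the post: a PSO linked to a universal group is silently ignored.
# ADAC refuses such a link; New-/Add-ADFineGrainedPasswordPolicy* do not, so check first.
$group = Get-ADGroup -Identity $groupName -Properties GroupScope, GroupCategory
if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
    throw "PSO subjects must be global security groups; '$groupName' is $($group.GroupScope)/$($group.GroupCategory)."
}

# Steps 3-4: create the PSO under CN=Password Settings Container,CN=System.
# Lower Precedence wins when more than one PSO applies to the same user.
New-ADFineGrainedPasswordPolicy -Name $policyName `
    -Precedence 10 `
    -ComplexityEnabled $true `
    -MinPasswordLength 15 `
    -PasswordHistoryCount 24 `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MaxPasswordAge (New-TimeSpan -Days 90) `
    -LockoutThreshold 10 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -ReversibleEncryptionEnabled $false

# Step 5: link the PSO to the group (users could be passed to -Subjects as well).
Add-ADFineGrainedPasswordPolicySubject -Identity $policyName -Subjects $group

# Verification: the resultant policy for a group member should now be this PSO,
# not the Default Domain Policy. An empty result means no PSO applies to that user.
$member = Get-ADGroupMember -Identity $group | Select-Object -First 1
Get-ADUserResultantPasswordPolicy -Identity $member.SamAccountName |
    Select-Object Name, Precedence, MinPasswordLength, MaxPasswordAge, LockoutThreshold
```

If two PSOs with the same precedence apply to a user, the one with the lower objectGUID wins, so give each PSO a distinct precedence rather than relying on that tie-break.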
