Where are password policies typically established for an Active Directory domain?

Password policies in an Active Directory domain are typically established through Group Policy. This is the correct choice because Group Policy allows for centralized management and configuration of operating system settings, applications, and user settings within an Active Directory environment. This means that administrators can implement password policies that apply uniformly across all users and computers in the domain, ensuring consistent security practices.

Group Policy Objects (GPOs) can be associated with sites, domains, and organizational units, allowing for granular control over the application of security policies, including password complexity requirements, minimum and maximum password age, and account lockout policies. This centralized approach helps streamline administration and enforce security across all users within the domain.

Other options may relate to security policies, but they do not provide the same level of centralized management and applicability across the domain as Group Policy does. For instance, local policies are applied at the individual machine level and do not affect other machines or users in a network. Security settings could refer to various configurations that might be seen in different administration tools, but they are not specifically where the password policies for an entire domain are established. The domain controller's role is involved in enforcing these policies, but it is through Group Policy that they are defined and applied.