How does Active Directory check for compliance with Password Complexity without reversible encryption enabled

view story

http://serverfault.com – We recently enabled password complexity requirements in our company and I noticed that users already having complex passwords weren't forced to change their password but everyone else was required to. Now the question is how does AD confirm password complexity when reversible encryption is not enabled? The only way I can think of is to set a policy/flag to do the check for password complexity client-side when the user tries to log in. If the "client machine" notices that the password being used is valid but not complex it initiates the password change procedure. Can anyone confirm or shed so (HowTos)