Explanation in the article above.
So basically you will have to make sure that your computer/user provisioning script override this attribute by removing the bit ADS_UF_PASSWD_NOTREQD from useraccountcontrol for every computer/user created.
This is typically automatically done by tools such as the ADUC, but apparently not by old style tools or scripts.
The reference article above; provide script to remove this PASSWD_NOTREQD bit.
Hopefully you do not have accounts with ADS_UF_PASSWD_NOTREQD.
You could still have accounts with blank passwords in case you had a domain password policy with no minimum password length.
To fix this you have to :
make sure your password policies are in line with your security policy
verify that users are required to change their passwords
verify that users don´t have “Password never expires” ticked in.