In short, assuming you are using password hash sync, nothing - until they decide to change/reset the password. That's when the password policy applies.
Password are stored as non-reversible hashes.
If you are using pass-through, they will need to have their passwords set (regardless of their complexity)
hth
Marcin