For CA Identity Manager's password synchronization you can choose to either manage the password quality on your endpoint, on Identity Manager or both. If it is on both then CA Identity Manager's password policy should be the same or weaker than Active Directory.
For this use case, you are not managing your passwords through Provisioning Manager - only through your Active Directory endpoint. However, the passwords are being rejected for quality even though they meet the password requirements for your Active Directory.
Additionally, if you look into your password profile settings on the password sync agent machine, the attribute Profile_Enabled is set to yes, even though you are not using a password profile in Provisioning Manager.
In Provisioning Manager your password profile is blank and disabled, it should look like this:
.jpg)