The GPOs are essentially a part microsoft windows, the handling via RSAT Tools should be the same for a UCS domain. The following links explains GPOs and the creation of them: https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
Basically, you create a GPO and "attach" it to a user/group/OU - it will work for all underlying objects (except UCS DCs - see the paragraph below). For domain-wide changes, you could modify the "default domain policy" for example.
But I need to clarify something: your current issue goes a little bit deeper: currently UCS cannot use/implement GPO-Setting (clients can and will, but the UCS DC cannot) - that is the reason your settings are not replicated. If you want to have these passwordsettings you need to either set them via UCS UDM-Policy (UMC - LDAP - Policies) or via "
# samba-tool passwordsettings" on the console.