Hello there!
The short answer is that the user should see the standard "Password does not meet complexity requirements" message box that is displayed when AD denies a weak password.
The long answer is that the Password Sync Agent leverages a Microsoft API called Password Filter. When a password change request is made, the Local Security Authority (LSA) calls the password filters registered on the system. Each password filter is called twice: first to validate the new password and then, after all filters have validated the new password, to notify the filters that the change has been made. Using this model the Password Sync Agent actually verifies the password during the first call from the LSA against the IM Passsword Policies. If validation fails, the user is notified and the password is not set.
The following illustration shows this process.
In the event you'd like additional information, there is a good set of documentation by Microsoft for the Password Filter API located
here.