Solved

Chang AD password to not meet complexity?

Posted on 2007-04-03
3
1,287 Views
Last Modified: 2012-05-05
I need to change a password for a user account in a Server 2003 domain. The problem is I need to set the password to something that does not meet the complexity requirements imposed on the domain. I tried using an ADSI script with objUser.SetPassword(), but it still checks the complexity and subsequently fails.

I know I can disable the complexity across the whole domain, but that's like blowing up your house to kill a cockroach inside.

Is there any way to change an AD password on a user account to something that does not meet the complexity requirements? If so, how?
0
Comment
Question by:DarkStarZA
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 18843432
Unfortunately what you're describing will not be possible until Longhorn.  In 2000 & 2003 AD, you can only have one password policy per domain; you cannot disable the complexity requirement for one user or a subset of users within the domain.

It gets better in Longhorn, though I know that doesn't help you now.  Your only current option, as you describe, is the "blowing up your house" choice.

Wish I had better news for you.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 83

Expert Comment

by:oBdA
ID: 18844840
Is this a special account?
What are your current complexity requirements, and why does this account not have to meet the complexity requirements?
Or, in other words, if this is sort of a "one-time" setting that doesn't need to be changed too often, you can disable the complexity requirements, set the password, and enable the complexity requirements again.
Then again, you can construct passwords that actually meet the complexity requirements, but aren't really complex (P@ssw0rd isn't too complex, but meets the standard requirements of Server 2003), that's why I'm asking what this account is used for.
If this is more than a one-time effort, and it *has* to be implemented, you could try Anixis' Password Policy Enforcer (http://www.anixis.com/products/ppe/default.htm).
0
 

Author Comment

by:DarkStarZA
ID: 18848792
The account is part of our Cisco Call Manager and is a once off thing. The password  was set on the Cisco side where it generates an encrypted password with only capitals and numbers. Our Complexity policy is three out of capital, lower, number and non-alphabetical. We want to set the AD password to the same one CCM generates.

We eventually disabled the complexity police, changed the password and enabled it again and it worked. Thanks for the replies.
0

Join & Write a Comment

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now