Solved

Chang AD password to not meet complexity?

Posted on 2007-04-03
3
1,289 Views
Last Modified: 2012-05-05
I need to change a password for a user account in a Server 2003 domain. The problem is I need to set the password to something that does not meet the complexity requirements imposed on the domain. I tried using an ADSI script with objUser.SetPassword(), but it still checks the complexity and subsequently fails.

I know I can disable the complexity across the whole domain, but that's like blowing up your house to kill a cockroach inside.

Is there any way to change an AD password on a user account to something that does not meet the complexity requirements? If so, how?
0
Comment
Question by:DarkStarZA
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 18843432
Unfortunately what you're describing will not be possible until Longhorn.  In 2000 & 2003 AD, you can only have one password policy per domain; you cannot disable the complexity requirement for one user or a subset of users within the domain.

It gets better in Longhorn, though I know that doesn't help you now.  Your only current option, as you describe, is the "blowing up your house" choice.

Wish I had better news for you.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 83

Expert Comment

by:oBdA
ID: 18844840
Is this a special account?
What are your current complexity requirements, and why does this account not have to meet the complexity requirements?
Or, in other words, if this is sort of a "one-time" setting that doesn't need to be changed too often, you can disable the complexity requirements, set the password, and enable the complexity requirements again.
Then again, you can construct passwords that actually meet the complexity requirements, but aren't really complex (P@ssw0rd isn't too complex, but meets the standard requirements of Server 2003), that's why I'm asking what this account is used for.
If this is more than a one-time effort, and it *has* to be implemented, you could try Anixis' Password Policy Enforcer (http://www.anixis.com/products/ppe/default.htm).
0
 

Author Comment

by:DarkStarZA
ID: 18848792
The account is part of our Cisco Call Manager and is a once off thing. The password  was set on the Cisco side where it generates an encrypted password with only capitals and numbers. Our Complexity policy is three out of capital, lower, number and non-alphabetical. We want to set the AD password to the same one CCM generates.

We eventually disabled the complexity police, changed the password and enabled it again and it worked. Thanks for the replies.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now