Solved

Chang AD password to not meet complexity?

Posted on 2007-04-03
3
1,295 Views
Last Modified: 2012-05-05
I need to change a password for a user account in a Server 2003 domain. The problem is I need to set the password to something that does not meet the complexity requirements imposed on the domain. I tried using an ADSI script with objUser.SetPassword(), but it still checks the complexity and subsequently fails.

I know I can disable the complexity across the whole domain, but that's like blowing up your house to kill a cockroach inside.

Is there any way to change an AD password on a user account to something that does not meet the complexity requirements? If so, how?
0
Comment
Question by:DarkStarZA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 18843432
Unfortunately what you're describing will not be possible until Longhorn.  In 2000 & 2003 AD, you can only have one password policy per domain; you cannot disable the complexity requirement for one user or a subset of users within the domain.

It gets better in Longhorn, though I know that doesn't help you now.  Your only current option, as you describe, is the "blowing up your house" choice.

Wish I had better news for you.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 85

Expert Comment

by:oBdA
ID: 18844840
Is this a special account?
What are your current complexity requirements, and why does this account not have to meet the complexity requirements?
Or, in other words, if this is sort of a "one-time" setting that doesn't need to be changed too often, you can disable the complexity requirements, set the password, and enable the complexity requirements again.
Then again, you can construct passwords that actually meet the complexity requirements, but aren't really complex (P@ssw0rd isn't too complex, but meets the standard requirements of Server 2003), that's why I'm asking what this account is used for.
If this is more than a one-time effort, and it *has* to be implemented, you could try Anixis' Password Policy Enforcer (http://www.anixis.com/products/ppe/default.htm).
0
 

Author Comment

by:DarkStarZA
ID: 18848792
The account is part of our Cisco Call Manager and is a once off thing. The password  was set on the Cisco side where it generates an encrypted password with only capitals and numbers. Our Complexity policy is three out of capital, lower, number and non-alphabetical. We want to set the AD password to the same one CCM generates.

We eventually disabled the complexity police, changed the password and enabled it again and it worked. Thanks for the replies.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question