DarkStarZA
asked on
Chang AD password to not meet complexity?
I need to change a password for a user account in a Server 2003 domain. The problem is I need to set the password to something that does not meet the complexity requirements imposed on the domain. I tried using an ADSI script with objUser.SetPassword(), but it still checks the complexity and subsequently fails.
I know I can disable the complexity across the whole domain, but that's like blowing up your house to kill a cockroach inside.
Is there any way to change an AD password on a user account to something that does not meet the complexity requirements? If so, how?
I know I can disable the complexity across the whole domain, but that's like blowing up your house to kill a cockroach inside.
Is there any way to change an AD password on a user account to something that does not meet the complexity requirements? If so, how?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The account is part of our Cisco Call Manager and is a once off thing. The password was set on the Cisco side where it generates an encrypted password with only capitals and numbers. Our Complexity policy is three out of capital, lower, number and non-alphabetical. We want to set the AD password to the same one CCM generates.
We eventually disabled the complexity police, changed the password and enabled it again and it worked. Thanks for the replies.
We eventually disabled the complexity police, changed the password and enabled it again and it worked. Thanks for the replies.
What are your current complexity requirements, and why does this account not have to meet the complexity requirements?
Or, in other words, if this is sort of a "one-time" setting that doesn't need to be changed too often, you can disable the complexity requirements, set the password, and enable the complexity requirements again.
Then again, you can construct passwords that actually meet the complexity requirements, but aren't really complex (P@ssw0rd isn't too complex, but meets the standard requirements of Server 2003), that's why I'm asking what this account is used for.
If this is more than a one-time effort, and it *has* to be implemented, you could try Anixis' Password Policy Enforcer (http://www.anixis.com/products/ppe/default.htm).