Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Chang AD password to not meet complexity?

Posted on 2007-04-03
3
Medium Priority
?
1,300 Views
Last Modified: 2012-05-05
I need to change a password for a user account in a Server 2003 domain. The problem is I need to set the password to something that does not meet the complexity requirements imposed on the domain. I tried using an ADSI script with objUser.SetPassword(), but it still checks the complexity and subsequently fails.

I know I can disable the complexity across the whole domain, but that's like blowing up your house to kill a cockroach inside.

Is there any way to change an AD password on a user account to something that does not meet the complexity requirements? If so, how?
0
Comment
Question by:DarkStarZA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 2000 total points
ID: 18843432
Unfortunately what you're describing will not be possible until Longhorn.  In 2000 & 2003 AD, you can only have one password policy per domain; you cannot disable the complexity requirement for one user or a subset of users within the domain.

It gets better in Longhorn, though I know that doesn't help you now.  Your only current option, as you describe, is the "blowing up your house" choice.

Wish I had better news for you.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 85

Expert Comment

by:oBdA
ID: 18844840
Is this a special account?
What are your current complexity requirements, and why does this account not have to meet the complexity requirements?
Or, in other words, if this is sort of a "one-time" setting that doesn't need to be changed too often, you can disable the complexity requirements, set the password, and enable the complexity requirements again.
Then again, you can construct passwords that actually meet the complexity requirements, but aren't really complex (P@ssw0rd isn't too complex, but meets the standard requirements of Server 2003), that's why I'm asking what this account is used for.
If this is more than a one-time effort, and it *has* to be implemented, you could try Anixis' Password Policy Enforcer (http://www.anixis.com/products/ppe/default.htm).
0
 

Author Comment

by:DarkStarZA
ID: 18848792
The account is part of our Cisco Call Manager and is a once off thing. The password  was set on the Cisco side where it generates an encrypted password with only capitals and numbers. Our Complexity policy is three out of capital, lower, number and non-alphabetical. We want to set the AD password to the same one CCM generates.

We eventually disabled the complexity police, changed the password and enabled it again and it worked. Thanks for the replies.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question