Link to home
Create AccountLog in
Avatar of haftrine
haftrine

asked on

Changing password policy in active directory

I cannot change the policy of the complexity of the users password.
I have checked all the policy in the active directory and disabled all the related policy also on the local domain policy.
Still users have password complexity and they are asked to change their password frequently.
I also have difficulties on applying other policies from active directory , any thing i am missing?
Avatar of PeteJThomas
PeteJThomas
Flag of United Kingdom of Great Britain and Northern Ireland image

To answer this, I'll need a little more info on how things are set up...

Are you using the Default Domain Policy to edit these settings? If so, is this policy definitely linked at the domain level or a root OU of some kind? Perhaps a screenshot of your GPMC with everything expanded would answer this... :)

And remember that the password complexity just defines how complex a users password has to be, not the length of time before they need to reset it... That is set by the Maximum Password Age settings under computer configuration > Windows Settings > Security Settings > Account Policies/Password Policy.

Pete
Account policies are defined in GPO on domain level. Changes will take effect the next time the users change their password.

As you also have problems with applying other policies, it can be a replication problem. Do you get any errors in output from netdiag run on DCs?
Avatar of haftrine
haftrine

ASKER

I am using GPMC, the Ntediag only give error in WINS that is missing, other than that everything is ok.
I have also check DCDiag everything passed too.
I have removed all the policies as i am defining new ones, still when i try to change my password it gives me the necessity to be complex although i did disable all the options related to it in the domain policy.
But is the domain policy linked to the domain in the GPMC?

Simply creating the policy is not enough, you need to link it to your domain first.

One way to test is log on to one of the PCs, and run gpresult from a command prompt - This will tell you what policies are applying to that PC and the user you are logged on with. You can post the results of gpresult back here if you're not sure what it means...

Pete
ASKER CERTIFIED SOLUTION
Avatar of PeteJThomas
PeteJThomas
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer