Group Policy Setting for Minimum Password Age = 0 not working
Posted on 2008-10-07
I have a brand new Windows Server 2008 SP1 64-bit server installed with AD, Exchange 2007 SP1, etc.
I have a group policy configured and applied to my domain that includes a password policy. Specifically, the password policy setting of Minimum Password Age is set to 0 (so that users can change their password immediately). The default used to be set to 1. However, something is not working. If I reset a user's password for maintenance then ask them to change it - they are unable to. If they wait a day, then it works. It should be noted that I'm using the default domain policy (yes it is enforced) and I have it applied to all other users. I know the policy works because I see other evidence that it was applied.
I know that Server 2008 provides for password enforcement through AD but I have not configured any of that. I've loaded ADSI edit and explored the settings and cannot find anything configured under System/Password Settings Container.
By the way, I have tried gpupdate /force, reboots, logoff's, etc... nothing works.
I have no idea where else to look? Any ideas? Is there a way I can review the applied password policy on the user's system to verify that it was set correctly? Is something else overriding it?