Active Directory Password Complexity Issues
Posted on 2009-12-28
We have a small LAN with only 1 AD server on Windows 2003. We will soon need to roll out a security change to the office to require "complex" passwords. As a test, we enabled Complex passwords in AD for just the OU that the IT department login objects are in. Our passwords were always complex, but this requirement was never turned on in AD.
When I try to change my password (through Windows XP Ctrl-Alt-Del) it tells me that the password is not complex enough.
I can reset the password using Active Directory Users and Computers (which bypasses requirements - i.e., I can change the password to "pass"). The problem is when trying to change the password through Windows XP Ctrl-Alt-Del.
It says that the requirements are:
(1) 7 char long
(2) Must contain at least 3 of the following: Upper, Lower, Number, Symbol.
(3) Must not contain any 2 consecutive char from your user name.
I've double checked the password and it is 13 char long, contains both Capital and lowercase letters, has 2 numbers and 1 special char. And I made sure that no 2 consecutive characters from my user name are used in the password.
MYpassword$123 (there is no "JO" or "OH" or "HN" or "N." or ".D" or "DO" or "OE" in the password)
Any ideas what could be wrong? Does the user-name for these purposes also include the "@domain.com" or "domain\"? Even so, the passwords that I'm trying are still not using those char combos...
Could there be something wrong with the AD server?
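
Added example, not part of the original post: a Python check of the sample password against the three rules exactly as the dialog quotes them, for the bare user name and the `@domain.com` and `domain\` forms the question asks about. The user name `john.doe` is inferred from the letter pairs listed in the post, and case-insensitive pair matching is an assumption; this models the quoted message, not the Windows password filter itself.

```python
# Added example: models the three rules quoted in the post,
# not the password filter Windows actually runs.

SAMPLE_PASSWORD = "MYpassword$123"  # sample password from the post
# Assumption: "john.doe" is inferred from the letter pairs listed in the post;
# the two qualified forms are the ones the post asks about.
NAME_FORMS = ["john.doe", "john.doe@domain.com", "domain\\john.doe"]


def check_stated_rules(password, username, min_len=7):
    """Evaluate one password against the rules as the dialog states them."""
    classes = {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    # Rule 3: every pair of adjacent characters in the user name,
    # compared case-insensitively (assumption) against the password.
    pw, name = password.lower(), username.lower()
    pairs = {name[i:i + 2] for i in range(len(name) - 1)}
    shared = sorted(p for p in pairs if p in pw)
    result = {
        "length_ok": len(password) >= min_len,            # rule 1
        "classes_present": sorted(k for k, v in classes.items() if v),
        "classes_ok": sum(classes.values()) >= 3,         # rule 2
        "shared_pairs": shared,
        "username_ok": not shared,                        # rule 3
    }
    result["passes"] = (result["length_ok"] and result["classes_ok"]
                        and result["username_ok"])
    return result


def check_all_forms(password, forms=NAME_FORMS):
    """Run the check once per user-name form and key results by form."""
    return {form: check_stated_rules(password, form) for form in forms}


if __name__ == "__main__":
    for form, result in check_all_forms(SAMPLE_PASSWORD).items():
        print(f"{form!r}: passes={result['passes']} "
              f"classes={result['classes_present']} "
              f"shared_pairs={result['shared_pairs']}")
```

A pass for every name form means the rejection is not explained by the three quoted rules as written.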