I have a very irritating issue that I am unable to solve and would very much appreciate some help with if at all possible.
I have 3 Domain Controllers running Windows Server 2008 R2 32bit Edition with your bog-standard Active Directory setup.
We have our password policy set to expire after 50 days and at 14 days to expiry we prompt our users to change their password.
We have a password policy of a minimum of 6 characters with numbers, letters and an uppercase and also we have set the server to remember the last seven used passwords.
If at any point a user tries to change their password in the 14 day grace period it won't work and throws out the usual password complexity error even though they are using the correct procedures. Just in case users are being users, I have gone to their workstation and entered something totally unique (one of our admin passwords) and it still doesn't work. If the users let the password run out to the last day and try to enter a new one, we have the same problem.
As a hopeless workaround, we get the users to come to our desks and enter a new password from Active Directory, which then keeps them ticking over for the next 50 days.
We would like to lower the password expiry limit, but as people have huge issues adding a new password it seems a bit pointless at this stage.
Can anyone help with this at all - the event logs don't really seem to be any use and just state that they are not following the password requirements.