We help IT Professionals succeed at work.

Windows Logon - Actived Directory Password Policy Issues

510 Views
Last Modified: 2012-06-22
Dear Experts,

I have a very irritating issue that I am unable to solve and would very much appreciate some help with if at all possible.

I have 3 Domain Controllers running Windows Server 2008 R2 32bit Edition with you bog standard Active Directory Setup.

We have our password policy set to expire after 50 days and at 14 days to expiry we prompt our users to change their password.

We have a password policy of a minimum of 6 characters with numbers, letters and an uppercase and also we have set the server to remember the last seven used passwords.

If at any point a user tries to change their password in the 14 day grace period it won't work and throws out the usual password complexity error even though they are using the correct procedures. Just in case users are being users, I have gone to their workstation and entered something totally unique (one of our admin passwords) and it still doesn't work. If the users let the password run out to the last day and try to enter a new one, we have the same problem.

As a hopeless work around we get the users come to our desks and enter a new password from the active directory which then keeps them ticking over for the next 50 days.

We would like to lower the password expiry limit, but as people have huge issues adding a new password it seems a bit pointless at this stage.

Can anyone help with this at all - the event logs don't really seem to be any use and just state that they are not following the password requirements.

Many thanks!
Comment
Watch Question

Brian PiercePhotographer
CERTIFIED EXPERT
Awarded 2007
Top Expert 2008

Commented:
OK I assume that you have set the password policy in the default domain policy - (unless you have implimented fine grained password policies then you can only have a single policy per domain)

When you say
"We have a password policy of a minimum of 6 characters with numbers, letters and an uppercase and also we have set the server to remember the last seven used passwords."
I assume you have set enabled password complexity. - make sure that the users are entering passwords which meet the following conditions
1. At least one lowercase letter
2. At least one uppercase letter
3. At least one number 0-9
4. At least one symbol eg ($ ! # )
three out of the above four must be met

Author

Commented:
Hi There,

Thanks for your quick response.

Sorry I should have said that we have enabled password complexity.

The passwords the users are trying do meet 3 out of the 4 and also our domain admin password meets the requirements as well. When I try and use the Dom Admin password on one of the users who needs to set a new password it fails or at least the error message pops up stating we haven't met the requirements.

I have also tried complex ones like ExL0gs1! and P4ssw0rd2010 and even simpler ones like Today17 which used to work perfectly.

I see where your coming from in that the only reason the system would reject the passwords if we don't meet the complexity requirements but I am 100% sure we are.

Thanks.
Chief Technical Officer
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Hi,

Just checked the GPO and it was set to 50 days minimum and the maximum was 55.

Changed the minimum to 1 day and went to the user who had the issue this morning and asked him to logout and try a new password and it worked immediately!!

Thanks very much for your help on this one!!!

Cheers.

Author

Commented:
Awesome!
JHallidayChief Technical Officer

Commented:
No problem.  Glad you have got it sorted :)
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.