Windows Logon - Actived Directory Password Policy Issues

Dear Experts,

I have a very irritating issue that I am unable to solve and would very much appreciate some help with if at all possible.

I have 3 Domain Controllers running Windows Server 2008 R2 32bit Edition with you bog standard Active Directory Setup.

We have our password policy set to expire after 50 days and at 14 days to expiry we prompt our users to change their password.

We have a password policy of a minimum of 6 characters with numbers, letters and an uppercase and also we have set the server to remember the last seven used passwords.

If at any point a user tries to change their password in the 14 day grace period it won't work and throws out the usual password complexity error even though they are using the correct procedures. Just in case users are being users, I have gone to their workstation and entered something totally unique (one of our admin passwords) and it still doesn't work. If the users let the password run out to the last day and try to enter a new one, we have the same problem.

As a hopeless work around we get the users come to our desks and enter a new password from the active directory which then keeps them ticking over for the next 50 days.

We would like to lower the password expiry limit, but as people have huge issues adding a new password it seems a bit pointless at this stage.

Can anyone help with this at all - the event logs don't really seem to be any use and just state that they are not following the password requirements.

Many thanks!
rosshutsAsked:
Who is Participating?
 
JHallidayChief Technical OfficerCommented:
Have you checked to see if you have set the minimum password age to be more than 1 day ? If this is set too high (say 40 days) you will get an error message if you try and change the password earlier.  Ideally this should be set to 1 day.
Capture.JPG
0
 
Brian PiercePhotographerCommented:
OK I assume that you have set the password policy in the default domain policy - (unless you have implimented fine grained password policies then you can only have a single policy per domain)

When you say
"We have a password policy of a minimum of 6 characters with numbers, letters and an uppercase and also we have set the server to remember the last seven used passwords."
I assume you have set enabled password complexity. - make sure that the users are entering passwords which meet the following conditions
1. At least one lowercase letter
2. At least one uppercase letter
3. At least one number 0-9
4. At least one symbol eg ($ ! # )
three out of the above four must be met
0
 
rosshutsAuthor Commented:
Hi There,

Thanks for your quick response.

Sorry I should have said that we have enabled password complexity.

The passwords the users are trying do meet 3 out of the 4 and also our domain admin password meets the requirements as well. When I try and use the Dom Admin password on one of the users who needs to set a new password it fails or at least the error message pops up stating we haven't met the requirements.

I have also tried complex ones like ExL0gs1! and P4ssw0rd2010 and even simpler ones like Today17 which used to work perfectly.

I see where your coming from in that the only reason the system would reject the passwords if we don't meet the complexity requirements but I am 100% sure we are.

Thanks.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
rosshutsAuthor Commented:
Hi,

Just checked the GPO and it was set to 50 days minimum and the maximum was 55.

Changed the minimum to 1 day and went to the user who had the issue this morning and asked him to logout and try a new password and it worked immediately!!

Thanks very much for your help on this one!!!

Cheers.
0
 
rosshutsAuthor Commented:
Awesome!
0
 
JHallidayChief Technical OfficerCommented:
No problem.  Glad you have got it sorted :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.