Not able to change password

Hi experts,

Whenever our domain user trying to change password their meachine , they're are geting error message.


Password  GPO Details on our serevr.

24 passwords remembered

42 days max password age

 1 day min password age

7 characters Minimum password length

Password must meet complexity requirements (capital letter, small letter and one digit or non-alphabetic, also not more then 3 characters from the username)

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Can you try this password :


sphaerapharmaAuthor Commented:
hello rishimehta01,

I try the same but, still i am getting the sam error.

Naranthiran DSystem AdministratorCommented:
You  can also change the Password  complexity requirements in the same GPO details..
Starting with Angular 5

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

If you donot want to change the policy complexity requirement, then try



sphaerapharmaAuthor Commented:
Hi Naranthiran,

I tryed the same, what i diid.
i disable the passowrd complexity requirement in the same GPO, but still i am getting the sam error message.

sphaerapharmaAuthor Commented:
Hi Rishi

Neither of the passwords are working. Is it possible that my GPO is not working fine!!

Do i need to restart my AD-DC server? Will it address the issues?
After you change the GP type this in command prompt.

if you have not restarted the server and you donot want to restart it now....then you can try immediate using command :

gpupdate /force.
sphaerapharmaAuthor Commented:
Hi Rajkumar,

I allready done all the need full, but the issue is still same.

Are you aware that for domain accounts, the correct GPO that controls this is the Default Domain Controllers policy?

A common mistake is to change this in the Default Domain Policy, but this would only configure the password policy used by domain member machines locally - not applicable to domain user accounts, which are authenticated and handled by the Domain Controllers.
Also, to be sure you're aware, if the minimum password age is 1 day (the default), this means that users cannot change their password within 24 hours after it's been changed - it would result in the error message you mentioned. The purpose of this is to prevent users from quickly cycling through enough passwords so they can change back to the original one, in effect defeating the password change policy. Whether you want this option or not depends on your what your users are like - I personally prefer not to have this restriction (set it to 0) but make sure enough previous passwords are remembered. There's probably not many users willing to go through 24 password changes in order to keep using the original password.

This minimum password age restriction does of course not apply to administratively resetting the password.
Make sure that the GPO is applied for the default domain policy, nit the default domain controller policy, additionally, you have to check whether the policy is up and running by forcing the policy update either by command (gpupdate)or by restarting the server after policy modification.
Sorry, that's not correct, it should be changed in the Default Domain Controller policy, since you want to change the password policy for domain user accounts (as stated by the asker), which is handled by the Domain Controllers. Well, you could conceivably create a new, separate GPO for it, and make sure it applies to the DC's (and has precedence over the password policy in the Default Domain Controllers GPO, or un-configure the password policy entries in there), but the logical thing would be to edit the Default Domain Controller GPO.

Like I said before, the Default Domain Policy GPO applies to normal member machines, and so changing password policy there would only change how **local** (non-domain) accounts are handled by the individual machines that are not DCs.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.