Link to home
Create AccountLog in
Avatar of sphaerapharma
sphaerapharmaFlag for India

asked on

Not able to change password

Hi experts,

Whenever our domain user trying to change password their meachine , they're are geting error message.

UNABLE TO UPDATE THE PASSWORD. THE VALUE PROVIDED FOR THE NEW PASSWORD DOES NOT MEET THE LENGTH, COMPLEXITY, OR HISTORY REQUIREMENT OF THE DOMAIN.


Password  GPO Details on our serevr.
 

24 passwords remembered

42 days max password age

 1 day min password age

7 characters Minimum password length

Password must meet complexity requirements (capital letter, small letter and one digit or non-alphabetic, also not more then 3 characters from the username)

Thanks
Avatar of rishimehta01
rishimehta01
Flag of India image

Can you try this password :

p@ssw0rd

Avatar of sphaerapharma

ASKER

hello rishimehta01,

I try the same but, still i am getting the sam error.


Thanks.
Avatar of Naranthiran D
You  can also change the Password  complexity requirements in the same GPO details..
If you donot want to change the policy complexity requirement, then try

password@123.

P@ssw0rd

Hi Naranthiran,

I tryed the same, what i diid.
i disable the passowrd complexity requirement in the same GPO, but still i am getting the sam error message.


 
Hi Rishi

Neither of the passwords are working. Is it possible that my GPO is not working fine!!

Do i need to restart my AD-DC server? Will it address the issues?
After you change the GP type this in command prompt.
gpupdate/force

if you have not restarted the server and you donot want to restart it now....then you can try immediate update...by using command :

gpupdate /force.
Hi Rajkumar,

I allready done all the need full, but the issue is still same.

Are you aware that for domain accounts, the correct GPO that controls this is the Default Domain Controllers policy?

A common mistake is to change this in the Default Domain Policy, but this would only configure the password policy used by domain member machines locally - not applicable to domain user accounts, which are authenticated and handled by the Domain Controllers.
Also, to be sure you're aware, if the minimum password age is 1 day (the default), this means that users cannot change their password within 24 hours after it's been changed - it would result in the error message you mentioned. The purpose of this is to prevent users from quickly cycling through enough passwords so they can change back to the original one, in effect defeating the password change policy. Whether you want this option or not depends on your what your users are like - I personally prefer not to have this restriction (set it to 0) but make sure enough previous passwords are remembered. There's probably not many users willing to go through 24 password changes in order to keep using the original password.

This minimum password age restriction does of course not apply to administratively resetting the password.
Make sure that the GPO is applied for the default domain policy, nit the default domain controller policy, additionally, you have to check whether the policy is up and running by forcing the policy update either by command (gpupdate)or by restarting the server after policy modification.
ASKER CERTIFIED SOLUTION
Avatar of Anton74
Anton74
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account