ESi911
asked on
Can't reset Domain User Account Password
I am running AD on 2003 servers. Just added 2 additional DCs running Server 2008 R2. When I (as a domain admin) attempt to reset users passwords to the previously used password I now get an error 'Failed to reset the password for <User's Full Name>. The error is: Failed to set the password for the object. The password does not meet the length, complexity, or history requirement of the domain. I never had this problem prior adding a couple 2008 DCs to our network. We have made no changes to group policy password rules since adding the 2 2008 DCs. Please advise what could be causing this issue.
Thanks,
Mike
Thanks,
Mike
ASKER
Thanks for taking the time to respond.
Password must meet complexity requirements option is enabled.
Minimum password length is 8. The password meets that requirement.
As I noted in my original post, I am in fact trying to reset the password to a previously used password. In fact it would be their most recent used one. I have always been able to do this for our users through ADUC as a domain admin prior to installing the 2008 DCs. I understand doing this violates the 'Enforce password history' setting but it always worked in the past. My main reason for doing this is to resolve issues for users who might be travelling and have issues with their password. It's much simpler than changing them to a new password while they are working remotely.
Thanks,
Mike
Password must meet complexity requirements option is enabled.
Minimum password length is 8. The password meets that requirement.
As I noted in my original post, I am in fact trying to reset the password to a previously used password. In fact it would be their most recent used one. I have always been able to do this for our users through ADUC as a domain admin prior to installing the 2008 DCs. I understand doing this violates the 'Enforce password history' setting but it always worked in the past. My main reason for doing this is to resolve issues for users who might be travelling and have issues with their password. It's much simpler than changing them to a new password while they are working remotely.
Thanks,
Mike
Yes it is true that you can bypass the policy to reset the password to an old one from within Server 2003 AD. I believe this stil works with Server 2008 as well.
Does the password that the user was previously using( the one you are trying to reset it to) meet the complexity requirements? Usually this means it will need at least 3 of the following in the password.
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
Does the password that the user was previously using( the one you are trying to reset it to) meet the complexity requirements? Usually this means it will need at least 3 of the following in the password.
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
ASKER
It appears to me to satisfy 3 of those requirements. The password I'm trying to use is Auwrnxpg1 (Exact format but I changed the letters around).
Yep, that looks to be good.
Can you try to reset it to another password just to see if maybe the problem is with using the current password? If it works, then try changing it back to the old password.
Can you try to reset it to another password just to see if maybe the problem is with using the current password? If it works, then try changing it back to the old password.
ASKER
Hmm, well to keep from hosing an active user I created a test account and set a password. I then attempted to change the password to the same password I was trying to use from above. It fails with the same message. It did allow me to then reset the password back to what I used when I created the test account. So, it appears to have something to do with the choice of password however, the password appears to meet the requirements. Any ideas?
Well, it seems that it worked with the test account, so maybe change the password to something different for the user account and see if you can then change back, like you did with the test account?
ASKER
Ok, I'll get in touch with the user and give that a try. May be tomorrow before I can reach him.
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yeah could be, I had not tried it from the new tool.
ASKER
Was able to get around my problem by using ADUC instead of the new Active Directory Administrative Center.
Also, is the password that you are trying to reset it to meet the character length that you have set under "Minimum password length" under Password Policy?
Please make sure that the password is not a previous password as well.