• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1088
  • Last Modified:

Can't reset Domain User Account Password

I am running AD on 2003 servers.  Just added 2 additional DCs running Server 2008 R2.  When I (as a domain admin) attempt to reset users passwords to the previously used password I now get an error 'Failed to reset the password for <User's Full Name>.  The error is: Failed to set the password for the object.  The password does not meet the length, complexity, or history requirement of the domain.  I never had this problem prior adding a couple 2008 DCs to our network.  We have made no changes to group policy password rules since adding the 2 2008 DCs.  Please advise what could be causing this issue.

Thanks,
Mike
0
ESi911
Asked:
ESi911
  • 6
  • 5
1 Solution
 
jbizzle979Commented:
Can you check that the "Password must meet complexity requirements" option under Password Policy in GPO Management is disabled or enabled?

Also, is the password that you are trying to reset it to meet the character length that you have set under "Minimum password length" under Password Policy?

Please make sure that the password is not a previous password as well.
0
 
ESi911Author Commented:
Thanks for taking the time to respond.
Password must meet complexity requirements option is enabled.
Minimum password length is 8.  The password meets that requirement.
As I noted in my original post, I am in fact trying to reset the password to a previously used password. In fact it would be their most recent used one.  I have always been able to do this for our users through ADUC as a domain admin prior to installing the 2008 DCs.  I understand doing this violates the 'Enforce password history' setting but it always worked in the past.  My main reason for doing this is to resolve issues for users who might be travelling and have issues with their password.  It's much simpler than changing them to a new password while they are working remotely.    

Thanks,
Mike
0
 
jbizzle979Commented:
Yes it is true that you can bypass the policy to reset the password to an old one from within Server 2003 AD. I believe this stil works with Server 2008 as well.

Does the password that the user was previously using( the one you are trying to reset it to) meet the complexity requirements? Usually this means it will need at least 3 of the following in the password.

English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
ESi911Author Commented:
It appears to me to satisfy 3 of those requirements.  The password I'm trying to use is Auwrnxpg1 (Exact format but I changed the letters around).
0
 
jbizzle979Commented:
Yep, that looks to be good.

Can you try to reset it to another password just to see if maybe the problem is with using the current password? If it works, then try changing it back to the old password.
0
 
ESi911Author Commented:
Hmm, well to keep from hosing an active user I created a test account and set a password.  I then attempted to change the password to the same password I was trying to use from above.  It fails with the same message.  It did allow me to then reset the password back to what I used when I created the test account. So, it appears to have something to do with the choice of password however, the password appears to meet the requirements.  Any ideas?
0
 
jbizzle979Commented:
Well, it seems that it worked with the test account, so maybe change the password to something different for the user account and see if you can then change back, like you did with the test account?

0
 
ESi911Author Commented:
Ok, I'll get in touch with the user and give that a try.  May be tomorrow before I can reach him.

Thanks
0
 
ESi911Author Commented:
Okay, I have a little more info.... ADUC allows me to set the password however the new Active Directory Administrative Center tool does not.  It gives me the error noted in my original post.  Perhaps there is a bug with the AD Administrative Center tool.
0
 
jbizzle979Commented:
Yeah could be, I had not tried it from the new tool.
0
 
ESi911Author Commented:
Was able to get around my problem by using ADUC instead of the new Active Directory Administrative Center.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now