Improve company productivity with a Business Account.Sign Up

x
?
Solved

users can't change password, doesn't meet complexity - but does

Posted on 2013-01-28
10
Medium Priority
?
19,009 Views
Last Modified: 2013-01-29
Greetings,

users get an error stating passwords don't meet complexity when manually changing  through ctrl+alt+delete, but they do. I can change in AD on server, but not at workstation with same password. Very aggravating. Multiple emails and calls from users regarding this so need some help. Searched online but found nothing pertinent yet.

Win 2003 SP2 PDC; XP Pro and Win 7 Pro desktops / laptops

THANKS!
0
Comment
Question by:king daddy
10 Comments
 
LVL 7

Expert Comment

by:avcontrol
ID: 38827061
Win XP have issue update AD policy unless WinXP station log off/login/restart............while Win 7 does not.
Not sure if this is the issue, but yes there should be no issue as you described.
0
 
LVL 7

Expert Comment

by:mmicha
ID: 38827081
You might want to take a peak at your Default Domain Policy.  Check your account details and make sure that "Password must meet complexity requirements" is not enabled.

This link: http://technet.microsoft.com/en-us/library/cc875814.aspx   ...  has details on where to look to find it.  It may also be present in another GPO, but a lot of the time it is in the default domain policy.
0
 
LVL 9

Expert Comment

by:TunerML
ID: 38827139
I also believe by default users can't reuse passwords even if the meet complexity requirements as per the default domain policy settings, this may also be contributing to the issue.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
LVL 7

Author Comment

by:king daddy
ID: 38827159
Thanks for the quick replies. I'll have the user restart then login and try. I'll also make certain it's not a reused password. We want complexity enabled, and has been for a while now, but just started not allowing manually changing through ctrl alt delete.

Thx again
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38827374
Hi,

Don't forget that password complexity have many constraint that we usually don't remember of....

As an example:
The password can not contain the lastname
The password can not contain the firstname
The password can not contain the loginname

So if my login is "johndoe" the password @%$johndoe123@§§!! will be refused, even if it looks a bit complex !!

Also, if you just have changed the password of the user and did not check the box "the user must change the password of next logon" and if you have a minimum password age policy your user won't be able to change its password whatever the password is... That's in fact normal because the password can not be changed before the minimum password age...

So, that was just to say that there are many reason for the password change to fail with this message saying the password doesn't comply with the complexity requirements...

Until now I never have seen a case that can not be explained by the policy settings. You just have to find the policy that prohibit the change.

Have a good day.
0
 
LVL 7

Author Comment

by:king daddy
ID: 38827423
thanks PaciB. the password used for testing was 12345Qwerty! and was never used before. I checked AD and the user account does not have user cannot change password ticked. our policy, under Default Domain Security Settings, is as such:

PW history = 2 days

max PW age = 90

min PW age = 2

min PW length = 6

complexity = enabled

rvs encryption = disabled

Thanks
0
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 1400 total points
ID: 38827450
Ok,

I see that the min PW age is 2 days.
So if you already changed the user password more recently than 2 days the user can not rechanged it and will receive the message saying the password does not meet complexity requirements.
This is true also if an admin reset the password for the user ! The user won't be able to rechange it before 2 days.
If you wan't the user to change the password immediately you have to check the box "the user must change password at next logon". Try it and see if you can set the password you want.
0
 
LVL 5

Assisted Solution

by:msallam
msallam earned 600 total points
ID: 38827452
The password minimum age is 2 days. You cannot change it before 2 days.
It seems this is the issue.
0
 
LVL 7

Author Comment

by:king daddy
ID: 38827493
I will confirm he did not change it within the last two days, try again, and then report back.

thanks
0
 
LVL 7

Author Closing Comment

by:king daddy
ID: 38831277
thanks. worked today.
0

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Can you run Linux on a Windows system?  Yep.  Here's how.
One thing I've always found frustrating is no matter how many times one asks the end users to not save things on their local machines, they do it anyway.  Forget that we don't back up the desktops - only the servers.  Well, let's sneak their data on…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question