• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 18465
  • Last Modified:

users can't change password, doesn't meet complexity - but does

Greetings,

users get an error stating passwords don't meet complexity when manually changing  through ctrl+alt+delete, but they do. I can change in AD on server, but not at workstation with same password. Very aggravating. Multiple emails and calls from users regarding this so need some help. Searched online but found nothing pertinent yet.

Win 2003 SP2 PDC; XP Pro and Win 7 Pro desktops / laptops

THANKS!
0
rpliner
Asked:
rpliner
2 Solutions
 
avcontrolCommented:
Win XP have issue update AD policy unless WinXP station log off/login/restart............while Win 7 does not.
Not sure if this is the issue, but yes there should be no issue as you described.
0
 
mmichaCommented:
You might want to take a peak at your Default Domain Policy.  Check your account details and make sure that "Password must meet complexity requirements" is not enabled.

This link: http://technet.microsoft.com/en-us/library/cc875814.aspx   ...  has details on where to look to find it.  It may also be present in another GPO, but a lot of the time it is in the default domain policy.
0
 
TunerMLCommented:
I also believe by default users can't reuse passwords even if the meet complexity requirements as per the default domain policy settings, this may also be contributing to the issue.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
rplinerAuthor Commented:
Thanks for the quick replies. I'll have the user restart then login and try. I'll also make certain it's not a reused password. We want complexity enabled, and has been for a while now, but just started not allowing manually changing through ctrl alt delete.

Thx again
0
 
Bruno PACIIT ConsultantCommented:
Hi,

Don't forget that password complexity have many constraint that we usually don't remember of....

As an example:
The password can not contain the lastname
The password can not contain the firstname
The password can not contain the loginname

So if my login is "johndoe" the password @%$johndoe123@ยงยง!! will be refused, even if it looks a bit complex !!

Also, if you just have changed the password of the user and did not check the box "the user must change the password of next logon" and if you have a minimum password age policy your user won't be able to change its password whatever the password is... That's in fact normal because the password can not be changed before the minimum password age...

So, that was just to say that there are many reason for the password change to fail with this message saying the password doesn't comply with the complexity requirements...

Until now I never have seen a case that can not be explained by the policy settings. You just have to find the policy that prohibit the change.

Have a good day.
0
 
rplinerAuthor Commented:
thanks PaciB. the password used for testing was 12345Qwerty! and was never used before. I checked AD and the user account does not have user cannot change password ticked. our policy, under Default Domain Security Settings, is as such:

PW history = 2 days

max PW age = 90

min PW age = 2

min PW length = 6

complexity = enabled

rvs encryption = disabled

Thanks
0
 
Bruno PACIIT ConsultantCommented:
Ok,

I see that the min PW age is 2 days.
So if you already changed the user password more recently than 2 days the user can not rechanged it and will receive the message saying the password does not meet complexity requirements.
This is true also if an admin reset the password for the user ! The user won't be able to rechange it before 2 days.
If you wan't the user to change the password immediately you have to check the box "the user must change password at next logon". Try it and see if you can set the password you want.
0
 
msallamCommented:
The password minimum age is 2 days. You cannot change it before 2 days.
It seems this is the issue.
0
 
rplinerAuthor Commented:
I will confirm he did not change it within the last two days, try again, and then report back.

thanks
0
 
rplinerAuthor Commented:
thanks. worked today.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now