Solved

users can't change password, doesn't meet complexity - but does

Posted on 2013-01-28
10
17,086 Views
Last Modified: 2013-01-29
Greetings,

users get an error stating passwords don't meet complexity when manually changing  through ctrl+alt+delete, but they do. I can change in AD on server, but not at workstation with same password. Very aggravating. Multiple emails and calls from users regarding this so need some help. Searched online but found nothing pertinent yet.

Win 2003 SP2 PDC; XP Pro and Win 7 Pro desktops / laptops

THANKS!
0
Comment
Question by:rpliner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 7

Expert Comment

by:avcontrol
ID: 38827061
Win XP have issue update AD policy unless WinXP station log off/login/restart............while Win 7 does not.
Not sure if this is the issue, but yes there should be no issue as you described.
0
 
LVL 7

Expert Comment

by:mmicha
ID: 38827081
You might want to take a peak at your Default Domain Policy.  Check your account details and make sure that "Password must meet complexity requirements" is not enabled.

This link: http://technet.microsoft.com/en-us/library/cc875814.aspx   ...  has details on where to look to find it.  It may also be present in another GPO, but a lot of the time it is in the default domain policy.
0
 
LVL 9

Expert Comment

by:TunerML
ID: 38827139
I also believe by default users can't reuse passwords even if the meet complexity requirements as per the default domain policy settings, this may also be contributing to the issue.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 7

Author Comment

by:rpliner
ID: 38827159
Thanks for the quick replies. I'll have the user restart then login and try. I'll also make certain it's not a reused password. We want complexity enabled, and has been for a while now, but just started not allowing manually changing through ctrl alt delete.

Thx again
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38827374
Hi,

Don't forget that password complexity have many constraint that we usually don't remember of....

As an example:
The password can not contain the lastname
The password can not contain the firstname
The password can not contain the loginname

So if my login is "johndoe" the password @%$johndoe123@§§!! will be refused, even if it looks a bit complex !!

Also, if you just have changed the password of the user and did not check the box "the user must change the password of next logon" and if you have a minimum password age policy your user won't be able to change its password whatever the password is... That's in fact normal because the password can not be changed before the minimum password age...

So, that was just to say that there are many reason for the password change to fail with this message saying the password doesn't comply with the complexity requirements...

Until now I never have seen a case that can not be explained by the policy settings. You just have to find the policy that prohibit the change.

Have a good day.
0
 
LVL 7

Author Comment

by:rpliner
ID: 38827423
thanks PaciB. the password used for testing was 12345Qwerty! and was never used before. I checked AD and the user account does not have user cannot change password ticked. our policy, under Default Domain Security Settings, is as such:

PW history = 2 days

max PW age = 90

min PW age = 2

min PW length = 6

complexity = enabled

rvs encryption = disabled

Thanks
0
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 350 total points
ID: 38827450
Ok,

I see that the min PW age is 2 days.
So if you already changed the user password more recently than 2 days the user can not rechanged it and will receive the message saying the password does not meet complexity requirements.
This is true also if an admin reset the password for the user ! The user won't be able to rechange it before 2 days.
If you wan't the user to change the password immediately you have to check the box "the user must change password at next logon". Try it and see if you can set the password you want.
0
 
LVL 5

Assisted Solution

by:msallam
msallam earned 150 total points
ID: 38827452
The password minimum age is 2 days. You cannot change it before 2 days.
It seems this is the issue.
0
 
LVL 7

Author Comment

by:rpliner
ID: 38827493
I will confirm he did not change it within the last two days, try again, and then report back.

thanks
0
 
LVL 7

Author Closing Comment

by:rpliner
ID: 38831277
thanks. worked today.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
What if you have to shut down the entire Citrix infrastructure for hardware maintenance, software upgrades or "the unknown"? I developed this plan for "the unknown" and hope that it helps you as well. This article explains how to properly shut down …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question