Windows domain - "forget" a single user's password history

Posted on 2013-09-20
Medium Priority
Last Modified: 2013-09-28
My password policy on the domain enforces password complexity, minimum/maximum length, minimum/maximum age, and also password history.

Every once in a while, I have a user who forgets their password and I reset it for them to something temporary. But when this happens, they can't set it back to the original password they were using because of the password history.

Is there a way to tell Windows to clear a single domain user's password history?
Question by:Frosty555
LVL 53

Accepted Solution

Will Szymkowski earned 2000 total points
ID: 39509212
This cannot be done. Only thing you can do is create a PSO (fine grained password policy) on a specific OU where the user account lives. From there it gives you the flexibility to create other password policies.

Catch is you need to be at a minimum 2008 Forest/Domain functional level.

See the link below for details on setting this up.



Expert Comment

by:Mike Roe
ID: 39509229
You cannot do this for one user unless you use third party software.

Here is a link to do it

LVL 16

Expert Comment

ID: 39509337
Spec01 is correct. You cannot do this for 2003 as you can only specify ONE password policy (at default domain level). It is possible to set separate password policies if you have at least 2008.

Why are you allowing the user to reset password back to the same password anyways?

I believe what you COULD do is open Active Directory (under your admin) and click "reset password" for that user's account and have them change the password via Active Directory (versus having them change it upon logon). This should override the password history requirements. This, of course, would require the user to be physically accessible.
LVL 24

Expert Comment

ID: 39511118
You can have ONLY ONE password and account lockout policy in ANY 2003 AD Domain! Windows Server 2008 introduces multiple password and account lockout policies through PSOs when the DFL = at least w2k8.
In Windows Server 2003 Active Directory domains, you could apply only one password policy, which is specified in the domain's Default Domain Policy, to all users in the domain.
Windows Server 2008 has Fine-Grained Password Policies which provide organizations with a way to define different password policies for different sets of users in a domain. Here is a Step-by-Step Guide: http://technet.microsoft.com/en-us/library/cc770842(WS.10).aspx
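
The fine-grained password policy (PSO) approach discussed in this thread, as an added PowerShell example that is not from any of the posts. It assumes the ActiveDirectory module (RSAT) is available; the PSO, group and user names and every setting value are hypothetical placeholders.

```powershell
# Added example: all names and values are constructed placeholders.
Import-Module ActiveDirectory

$PsoName   = 'PSO-Example-History'     # hypothetical PSO name
$GroupName = 'GG-Example-PSO-Users'    # hypothetical global security group
$UserName  = 'jdoe'                    # hypothetical user account

# PSOs require a domain functional level of at least Windows Server 2008.
$mode = "$((Get-ADDomain).DomainMode)"
if (@('Windows2000Domain','Windows2003InterimDomain','Windows2003Domain') -contains $mode) {
    throw "Domain functional level '$mode' does not support fine-grained password policies."
}

# State every setting explicitly so the PSO does not drift from the domain
# policy by accident; only the history length is meant to differ here.
$pso = @{
    Name                        = $PsoName
    Precedence                  = 10       # lower number wins when several PSOs apply
    ComplexityEnabled           = $true
    ReversibleEncryptionEnabled = $false
    MinPasswordLength           = 12
    PasswordHistoryCount        = 5
    MinPasswordAge              = New-TimeSpan -Days 1
    MaxPasswordAge              = New-TimeSpan -Days 60
    LockoutThreshold            = 5
    LockoutDuration             = New-TimeSpan -Minutes 30
    LockoutObservationWindow    = New-TimeSpan -Minutes 30
}
New-ADFineGrainedPasswordPolicy @pso

# A PSO is linked to user objects or global security groups, so scope it
# with a dedicated group and manage membership there.
New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security
Add-ADGroupMember -Identity $GroupName -Members $UserName
Add-ADFineGrainedPasswordPolicySubject -Identity $PsoName -Subjects $GroupName

# Verify which policy actually wins for the user, and audit who the PSO covers.
# No output from the first command means the Default Domain Policy still applies.
Get-ADUserResultantPasswordPolicy -Identity $UserName |
    Select-Object Name, Precedence, PasswordHistoryCount, MinPasswordLength
Get-ADFineGrainedPasswordPolicySubject -Identity $PsoName |
    Select-Object Name, ObjectClass
```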
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39512430
@ Sandeshdubey: Why repeat what I said in my first post?
