Why password change failed with the new 2k12 AD domain?

Posted on 2014-12-29
Last Modified: 2015-01-04
This is a newly-setup MS Windows 2012 R2 AD domain. The newly-setup DC is VMware 5.5 machine. The are a couples of VMs created. However, I found one thing quite strange. Whenever user ctrl-alt-delete in their workstation, and then choose option > password change, they failed have their password change. If changing password on the DC > ad users and computer MMC is working fine. Why? What should I do to make it work?

Question by:MichaelBalack
  • 4
  • 2
LVL 34

Expert Comment

by:Seth Simmons
ID: 40521916
how does it fail?  any errors?

Author Comment

ID: 40521921
Hi Seth,

The error message:
Unable to update the password. The value provided for new password does not meet the length, complexity, or history requirement of the domain.

Author Comment

ID: 40521953
I saw some articles mentioned have to make the necessary changed on "default domain controller policy". But I tried it, also failed.
Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.


Accepted Solution

MichaelBalack earned 0 total points
ID: 40521964
Both the default domain policy and default domain controller policy were set in group policy management (GPM). However, in administrative tools, found this - active directory administrative center. So, I opened it, and on the left pane, found "new password policy" with setting on the center pane.

This is what I did:

    - untick remember password history - 24
    - on the blank, add "domain users" and "domain computers"; click apply & OK

Later, I manage to change the logged user password without any restrictions.
LVL 34

Expert Comment

by:Seth Simmons
ID: 40522018
there you go; answered your own question

Author Closing Comment

ID: 40529992
It works

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Recently, I was assigned the task of performing a hardware refresh in the datacenter. The previous Windows 2008 systems were connected to the SAN via fiber channel HBA’s and among other thing, had PowerPath installed in order to provide sufficient f…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now