Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Remote Desktop help needed
Good Afternoon, here is my current setup. I am running a windows server 2012 R2 as a DC inside VM. I have another box that is running server 2012 R2 also and joined to the domain. I am able to establish remote desktop connection and navigate around. But when a user needs to change their password they get this error, Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain. The GPO for this domain currently does not have and password restrictions.
Does anyone have any idea on what might be wrong?
Does anyone have any idea on what might be wrong?
Who is Participating?
Thanks for the help. I figured out what the problem was. With my GPOs I didn't have anything set for password policies but on the computer it shows that I have to wait 24 hours since my last password change. I ran the command net user /domain username. Any ideas on why is it doing that?
Unless you've disabled all the default password complexity settings for the domain there is likely some restrictions within the default domain or default domain controllers GPOs. If you've set these to not configured then the terminal server's local password policy may be generating the complexity requirements.
ok Thanks for the quick response, but where do I go to check the terminal servers local password policy?
from the terminal server open gpedit.msc and find Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy
It's the same path from the default domain GPOs where these restrictions will be configured. I would confirm 100% from your domain GPOs using the Group Policy Management Console that this isn't configured there before altering it on the member server side.
It's the same path from the default domain GPOs where these restrictions will be configured. I would confirm 100% from your domain GPOs using the Group Policy Management Console that this isn't configured there before altering it on the member server side.
Doing what? Requiring 24 hours? If so, just set the minimum password age to 0 if you don't want that option.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
