Anonymous KH

GPO Password Policy

Dear Experts,

This is currently my client's GPO Password settings.

The issue is when a user tried to change the password, the error message says that it does not meet the complexity.

Does anyone have any idea what could be causing the issue?

Mal Osborne

Looks like this is the default domain policy. By default, domain controllers have their own GPO. Since domain passwords are changed on DCs, not workstations, then this is the relevant policy. Your GPO, by default, will only impact on local machine credentials.

Go edit the Default Domain Controllers Policy, you should see what you want then.
Jeremy Weisinger

The Default Domain Policy is the correct location to edit the password policy.

Can you run the results wizard against your PDC emulator and make sure policy is being applied without issue?
Is the user trying to change a domain account or a local account?
Do you by any chance use fine grained password policies?
Hi,

How many DCs do you have in the network? Did you check whether you have any replication issues between DCs?

I hope the users are giving the correct password length as set in the policy? I.e. a minimum password length of 5 characters.
The issue is when a user tried to change the password, the error message says that it does not meet the complexity
Perhaps they are trying to reuse an old password.

PS: 5 character passwords are very weak
https://www.experts-exchange.com/articles/29569/How-to-extract-hashes-from-IFM-backup.html
Anonymous KH (ASKER)

Do you by any chance use fine grained password policies?

What are fine-grained policies?
Hi! Radhakrishnan R,

There is only one DC
Hi!

The user is a new user. Even though he tried to use complex passwords for his domain account, it still says that the password does not match the criteria.

Is there any way to reset the GPO? Or maybe disable the GPO and re-enable it?
Are there any other GPOs linked to the domain object? If so, is there a password policy configured in it?
Hi! Jeremy,

I am not sure if I should remove the password policy and create a new policy for the OU - Users only.
You can reset the password in ADUC and it should take it if history is an issue.

Is this a domain account or a local account?
Hi!

I created a test domain account and tried to change the domain password and it says "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain."

The password is a new password, and it also could not be changed.
Back to my first suggestion: can you run GP results on the DC and see what password policy is being applied?
ASKER CERTIFIED SOLUTION
Anonymous KH
Self resolved.
Set it to something like 1 day, not 0. Zero means the user can self-rotate back to the old password, meaning the user can have the same password for years.
We set it to 0 days because the user is a new staff member, so when the user logs in the first time, the user will want to change the password to something the user is familiar with and not the password set by the administrator.
Create the account with a unique temporary password; this way you can use 0.
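
Added example (not part of the thread and not any poster's code): a PowerShell check for the questions raised above, namely which password policy actually applies to an account, whether a fine-grained policy overrides the domain one, and whether the minimum password age still blocks a user-initiated change. It assumes the ActiveDirectory RSAT module; the function name and the account name `testuser` are hypothetical.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and an account
# with rights to read password settings objects (e.g. a domain admin).
Import-Module ActiveDirectory

function Get-EffectivePasswordPolicy {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [string] $SamAccountName
    )

    $user = Get-ADUser -Identity $SamAccountName -Properties PasswordLastSet

    # A fine-grained password policy (PSO) that applies to the user takes
    # precedence over the domain-wide policy. Nothing is returned if none applies.
    $pso = Get-ADUserResultantPasswordPolicy -Identity $user
    if ($pso) {
        $policy = $pso
        $source = "Fine-grained policy: $($pso.Name)"
    } else {
        $policy = Get-ADDefaultDomainPasswordPolicy
        $source = 'Domain password policy'
    }

    # PasswordLastSet is empty when "must change password at next logon" is set;
    # in that state the minimum age does not hold the user back.
    $earliest = $null
    if ($user.PasswordLastSet) {
        $earliest = $user.PasswordLastSet + $policy.MinPasswordAge
    }

    [pscustomobject]@{
        User                 = $user.SamAccountName
        PolicySource         = $source
        ComplexityEnabled    = $policy.ComplexityEnabled
        MinPasswordLength    = $policy.MinPasswordLength
        PasswordHistoryCount = $policy.PasswordHistoryCount
        MinPasswordAge       = $policy.MinPasswordAge
        PasswordLastSet      = $user.PasswordLastSet
        EarliestUserChange   = $earliest
        BlockedByMinAge      = [bool]($earliest -and $earliest -gt (Get-Date))
    }
}

# 'testuser' is a constructed account name; replace it with the affected user.
Get-EffectivePasswordPolicy -SamAccountName 'testuser' | Format-List
```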