OTS_Tech
asked on
Users Cannot Change Password
This is a brand new domain, I just set it up on a brand new server. The computers were previously in a Workgroup, peer to peer environment. All the computers have been added to the domain without issue but nobody can change their password. I have read through several possible solutions, there are no additional group policies, they are working off the default that has the minimum password age to be 1 day but it's now far past a day that they've been working within these accounts and they still cannot change their passwords. They get a message that they are failing to meet the requirements and it lists out password length, complexity, repeating old passwords, etc. I have tried passwords that I know fit the criteria but it doesn't work. I created a test account and tried to set it to need it's password changed at first logon. It prompted and let me change it, then it said that the login method was not allowed. I was on the server because that's the system I have remote access to. I don't want to end up locking the users out of their accounts if I check the change password box within their accounts. Thoughts or ideas?
Can you post the password policy settings?
ASKER
Yes, see attached...
Capture.JPG
Capture.JPG
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Jeremy,
My passwords are always something off the wall, but I'm sure it doesn't contain an actual word, is at least 8 characters, has both an upper and lower case letter, and a special character. I might use something like: Eos@Wt4m
It should be accepted. They told me the passwords they were trying and they also should be accepted. We need them to be able to change their own passwords ultimately.
Thank you.
My passwords are always something off the wall, but I'm sure it doesn't contain an actual word, is at least 8 characters, has both an upper and lower case letter, and a special character. I might use something like: Eos@Wt4m
It should be accepted. They told me the passwords they were trying and they also should be accepted. We need them to be able to change their own passwords ultimately.
Thank you.
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Hi Jeremy,
I ran that command and it did return the same information, stating the Winning GPO is the Default Domain Policy throughout the Account/Password Policy section. I've created no other policies.
I'm sure they are logged into the domain because I personally tried it at a workstation that I logged the user in myself. I had created the account previously but the user hadn't logged in yet so I logged them in to get them logged in properly then tried to change the password.
When I had read up on this I was sure it was going to be a minimum age issue based on what I found and then I found that the minimum age is 1 day. Is there any possibility that something isn't talking properly within the domain? I don't know what to check for that, for example if for some reason AD isn't communicating properly with the Group Policy so the result is this.
Thank you,
Beth
I ran that command and it did return the same information, stating the Winning GPO is the Default Domain Policy throughout the Account/Password Policy section. I've created no other policies.
I'm sure they are logged into the domain because I personally tried it at a workstation that I logged the user in myself. I had created the account previously but the user hadn't logged in yet so I logged them in to get them logged in properly then tried to change the password.
When I had read up on this I was sure it was going to be a minimum age issue based on what I found and then I found that the minimum age is 1 day. Is there any possibility that something isn't talking properly within the domain? I don't know what to check for that, for example if for some reason AD isn't communicating properly with the Group Policy so the result is this.
Thank you,
Beth
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Please post back if you have any query.
ASKER
In the end, I set their Group Policies as they needed to be set. I then went to each profile and forced them to change their password at their next logon. This resolved the issue. I'm not sure if the new group policies resolved the issue or just forcing them to change their passwords cleared whatever issue was holding them back.