Link to home
Start Free TrialLog in
Avatar of OTS_Tech
OTS_TechFlag for United States of America

asked on

Users Cannot Change Password

This is a brand new domain, I just set it up on a brand new server.  The computers were previously in a Workgroup, peer to peer environment.  All the computers have been added to the domain without issue but nobody can change their password.  I have read through several possible solutions, there are no additional group policies, they are working off the default that has the minimum password age to be 1 day but it's now far past a day that they've been working within these accounts and they still cannot change their passwords.  They get a message that they are failing to meet the requirements and it lists out password length, complexity, repeating old passwords, etc.  I have tried passwords that I know fit the criteria but it doesn't work.  I created a test account and tried to set it to need it's password changed at first logon.  It prompted and let me change it, then it said that the login method was not allowed.  I was on the server because that's the system I have remote access to.  I don't want to end up locking the users out of their accounts if I check the change password box within their accounts.  Thoughts or ideas?
Avatar of Jeremy Weisinger
Jeremy Weisinger

Can you post the password policy settings?
Avatar of OTS_Tech

ASKER

Yes, see attached...
Capture.JPG
SOLUTION
Avatar of Jeremy Weisinger
Jeremy Weisinger

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Jeremy,

My passwords are always something off the wall, but I'm sure it doesn't contain an actual word, is at least 8 characters, has both an upper and lower case letter, and a special character.  I might use something like: Eos@Wt4m

It should be accepted.  They told me the passwords they were trying and they also should be accepted.  We need them to be able to change their own passwords ultimately.

Thank you.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi Jeremy,

I ran that command and it did return the same information, stating the Winning GPO is the Default Domain Policy throughout the Account/Password Policy section.  I've created no other policies.

I'm sure they are logged into the domain because I personally tried it at a workstation that I logged the user in myself.  I had created the account previously but the user hadn't logged in yet so I logged them in to get them logged in properly then tried to change the password.  

When I had read up on this I was sure it was going to be a minimum age issue based on what I found and then I found that the minimum age is 1 day.  Is there any possibility that something isn't talking properly within the domain?  I don't know what to check for that, for example if for some reason AD isn't communicating properly with the Group Policy so the result is this.

Thank you,
Beth
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Please post back if you have any query.
In the end, I set their Group Policies as they needed to be set.  I then went to each profile and forced them to change their password at their next logon.  This resolved the issue.  I'm not sure if the new group policies resolved the issue or just forcing them to change their passwords cleared whatever issue was holding them back.