asked on
Blank Password?
The password requirements for domain accounts are evaluated at the DCs only, so check them at the DCs.
gpresult /h %temp%\result.html /f & %temp%\result.html
That command lists all policies that apply and you may see which settings are applied by what policy.
If that does not bring up results, please check for password settings objects (PSO) as well:
Get-ADUserResultantPasswordPolicy -Identity usernameToCheck
ASKER
ASKER
"the policy is there not it says enforced: no" - could you rephrase that? I don't understand a word.
ASKER
Are you using the default domain policy for password settings? It does not need to be enforced. Could you share the result.html as screenshot?
ASKER
Result-SS.jpg
I am wondering what policy is used to apply your password settings. So your screenshot is not really useful, Please expand the password policy section so I can see what settings are applied by what policy.
ASKER
Password-GP-settings.jpg
Password-polcy.jpg
ASKER
dcresult.jpg
Look, if you don't expand the "security settings" section, we cannot verify that!
ASKER
dcresult2.jpg
Now you have to determine the winning policy that sets your policy, within gpmc report, the next tab list policies that set the parameter at issue here.
My god, who set that password policy? :-)
Ok, change the default domain policy, then do a gpupdate on all DCs and you will be fine.
ASKER
"snarky comments" - oh, that was snarky? Sorry, I wonder who configured that. That's not snarky. Maybe he or she had a reason for those settings, but for the life of me, I couldn't understand. Please allow me the freedom to add my opinion.
Honestly, do you know what it means to allow "reversible encryption" on passwords? That is a VERY bad idea unless someone has a pretty good reason for it. So my comment was rather made "snarky" to make you aware of that, in case it wasn't you.
ASKER
ASKER
And please undo the "use reversible encryption" GPO as well, or at least question why it's there.
Use group policy management console (GPMC) and run a results wizard against a wotkstation, user and then check the results on password ....