csg-unit asked:
How do I force a non-compliant AD password for a new user?

We have an organizational requirement in Active Directory to have a 10-character password that uses Complexity Requirements. However, we must set new users' initial password as 10 chars WITHOUT complexity (one upper-case letter and 9 numbers, for example H123456789). Obviously we hit an error when we attempt to do it this way, saying it's not complex enough. I've been asked to force it anyway, as it would solve some massive unsolvable issues. Is there a way to do it? Thanks, this community rocks.
Active Directory

Paul MacDonald:

Open up Active Directory Users and Computers, find the User object in question, right-click on it and select "Reset Password".  Enter the new password (or have the user enter the password) and save it.
Bembi:

The other option would be to create a special OU for new users with a GPO that is less restrictive.
After that, you can move the computer.
But I guess Paul's answer is a little less work.
csg-unit (ASKER):

I attempted to reset to the desired password and got the following:
And the GPO would actually need to be a Fine Grained Password Policy, but it would probably work.

[User generated image]
That's interesting - I've never run into that before.  Were you changing the password as a domain admin?  
> We have an organizational requirement in Active Directory to have a 10-character password that uses Complexity Requirements. However, we must set new users' initial password as 10 chars WITHOUT complexity (one upper-case letter and 9 numbers, for example H123456789).

Whoever suggested this is WRONG, as it fails organization requirements.

You need to set up a fine-grained password policy that the user is a member of. Password complexity is either ON or OFF.
Bembi:

So, coming back to an OU which is less restrictive: after the password is set, you can move the user to the regular OU.
csg-unit (ASKER):

I was changing it as a member of the Domain Administrators group. Yes, they are wrong; my whole company agrees. I agree, FGPP has to be enabled on an OU.

My one outstanding question is Paul MacDonald's insinuation about the ability to reset it against requirements in certain situations. We're at 2012 R2 forest level.
Andrew Porter:

Preface: This is a terrible idea, as David indicates above.

If you still want to do it, just log in to a Domain Controller and set it directly from there. This will bypass the complexity requirements that are in your way.
ASKER CERTIFIED SOLUTION
kevinhsieh:

serialband:

It used to work, but they've closed that security loophole with recent updates.

kevinhsieh:

You can also say that technical limitations don't allow the initial password to not meet the requirements.  :-)
Jeff Glover:

Basically, you can't get there from here. It makes no difference whether you set/reset the password as a Domain Admin or an Enterprise Admin, from a DC or from anywhere else (since using ADUC ALWAYS connects you to a full DC, even if you are running the tools from a Windows 10 workstation). The complexity settings for passwords will always apply unless, as said, you use Fine Grained Password Policies, and these only apply to groups, not OUs. I am not sure why you cannot just do Hh12345678 instead of H123456789. This would solve your issue. If the process cannot handle that, I would say develop a better process.
Bembi:

Is this issue solved?
If yes, you may close the question.
csg-unit (ASKER):

I will close this question. The process, though incorrect, is required because of some SQL operations done against the password before the user starts and changes it upon first logon, and there is inflexibility with that SQL script. Unfortunately.....
Our process is that we are disabling the password policy entirely during new user creation. We have to enforce FGPP, which is not fun to administer as an MSP. Thanks all!
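The thread converges on the only supported route: a Fine-Grained Password Policy (PSO) applied to a global security group, with the user staged through that group only for the initial reset. The following PowerShell is an added example written for this page; it is not code from any of the posters. The PSO name, group name, OU paths and the user "jdoe" are assumptions. It needs the ActiveDirectory RSAT module, rights to create PSOs and reset passwords, and a domain functional level of 2008 or later (the asker is at 2012 R2). All calls are pinned to the PDC emulator so the group membership and the password reset are evaluated by the same DC.

```powershell
# Added example (not from the original thread). All names below are assumptions.
Import-Module ActiveDirectory

$DC        = (Get-ADDomain).PDCEmulator             # one DC for every call
$PsoName   = 'PSO-NewUser-NoComplexity'             # assumed PSO name
$GroupName = 'NewUser-InitialPassword'              # assumed global security group
$GroupPath = 'OU=Groups,DC=corp,DC=example'         # assumed OU
$UserPath  = 'OU=Users,DC=corp,DC=example'          # assumed OU
$Sam       = 'jdoe'                                 # assumed new user

# 1. One-time setup: a PSO that keeps the 10-character minimum but turns
#    complexity off. Lower Precedence wins when a user matches several PSOs.
#    PSOs attach to users and global security groups only, never to OUs.
if (-not (Get-ADFineGrainedPasswordPolicy -Server $DC -Filter "Name -eq '$PsoName'")) {
    New-ADFineGrainedPasswordPolicy -Server $DC -Name $PsoName -Precedence 10 `
        -ComplexityEnabled $false -MinPasswordLength 10 `
        -PasswordHistoryCount 24 -MinPasswordAge '0.00:00:00' `
        -MaxPasswordAge '42.00:00:00' `
        -LockoutThreshold 5 -LockoutDuration '0.00:30:00' `
        -LockoutObservationWindow '0.00:30:00' `
        -ReversibleEncryptionEnabled $false
}
if (-not (Get-ADGroup -Server $DC -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Server $DC -Name $GroupName -GroupScope Global `
        -GroupCategory Security -Path $GroupPath
    Add-ADFineGrainedPasswordPolicySubject -Server $DC -Identity $PsoName -Subjects $GroupName
}

# 2. Per user: create disabled, join the PSO group, then reset the password.
#    Policy is evaluated only at the moment a password is set, so order matters.
$Initial = Read-Host -Prompt "Initial password for $Sam" -AsSecureString
New-ADUser -Server $DC -Name 'Jane Doe' -SamAccountName $Sam `
    -UserPrincipalName "$Sam@corp.example" -Path $UserPath -Enabled $false
Add-ADGroupMember -Server $DC -Identity $GroupName -Members $Sam

# Check which policy will actually be applied before touching the password.
# Returns nothing when no PSO applies (Default Domain Policy), so the
# comparison fails safely in that case.
$Effective = Get-ADUserResultantPasswordPolicy -Server $DC -Identity $Sam
if ($Effective.Name -ne $PsoName) {
    throw "Expected $PsoName to apply to $Sam, got '$($Effective.Name)'"
}

Set-ADAccountPassword -Server $DC -Identity $Sam -Reset -NewPassword $Initial
Set-ADUser -Server $DC -Identity $Sam -ChangePasswordAtLogon $true
Enable-ADAccount -Server $DC -Identity $Sam

# 3. Drop the exception immediately. The stored password stays valid until it
#    is changed, but the change the user is forced to make at first logon is
#    now checked against the Default Domain Policy (complexity on).
Remove-ADGroupMember -Server $DC -Identity $GroupName -Members $Sam -Confirm:$false
```

Two caveats a practitioner would want: removing the group membership right after the reset is what keeps the first-logon password change under the real policy, since a user still in the group could pick another non-complex password; and the initial value is read as a SecureString rather than hard-coded, so the script does not become a plaintext record of every starter password it ever set.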