Adding Users in Active Directory

  • Thread starter Thread starter Sam
  • Start date Start date
S

Sam

Hello,

Wondering if anyone has had this problem.

I have a win2k server (only one) with all of the latest
service packs....I also have Exchange 2000 loaded. I have
two nics and internal and external. File Print Sharing is
turned on on the internal link and the dns entry for my
domain shows a server record for the internal nic.


Problem is this: When I go to add a user to my domain I
get the following message:

Windows can not complete the password change for user
name because:
The password does not meet the password policy
requirements. Check the minimum password length, password
complexity, and password history requirements.


I checked the knowledge base and found an article #273004
but there doesn't appear to be any issues in my group
policy as the article describes.

I am baffled. Any help ?
 
With the single server, was this box used earlier as just a standalone not
in a domain with multiple local user accounts before it was promoted up and
you created the domain?
If you open your default domain security policy, and look in
security/account policies/password policy does what you're trying to enter
for those users match what is set in here (can be opened via
programs/administrative tools - and be sure you look at the domain and not
domain controller policy).
What service pack is it running?
It sounds like this may be a relative new domain, but have any security
templates been applied earlier.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
Hi David,

It was a fresh install. I created a domain called
myname.local. Not sure at what point this issue started
but I was able to create some accounts and can create and
account if I copy an existing one ?! ?

As far as policies I looked at both Default Domain Policy
and Default Domain Controller Policy and they are both
set up the same way in the Password Policy. Also, I only
have the following three settings in the policy on both
with all others as NOT DEFINED.

Maximum Password Age 30 days
Minimum Password Age 0 days
Minimum Password Length 6



I am running Win2k with Sevice Pack 4 loaded. I am SURE
that this problem was there prior to my loading of SP4.

As far security "templates" I am not sure. I honestly
can't remember (LAME!!) if I applied these of if I even
know how :-) I have looked a so many articles that my
brain is spinning.

-SAM
 
Look in the event logs on that dc and see what errors/events are showing up
that look like they would apply to this problem. Also make sure that it is
a GC (sites&services/site/servers/servername/properties on ntds)
With the exception of the pw stuff, the domain policy should be not defined
for about 99% of the settings there by default.
Since your set for "6" characters in the pw, what are you trying to do
that's different and not working.
Can you set it to something else, and then either reboot or run secedit to
refresh, and see if that new setting takes effect, and if it does, then
change it back.
(Always only use the Domain policy for pw settings, not the DC policy which
should be not defined)

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
Hi David,

Found this in the log:

Event Id: 628
Type: Failure
Source: Security
Category: Account Management

User Account password set:
Target Account Name: menissi
Target Domain: MENIST
Target Account ID: Sam Menissi
DEL:bdae1700-d08c-4652-8c8c-d81338346bcb
Caller User Name: sam
Caller Domain: MENIST
Caller Logon ID: (0x0,0x2F709D)


Thanks for your persistance so far.

-SAM
 
SUCCESS.....simply did what you recommended and changed
the password length from 6 to 8....ran the command:
secedit /refreshpolicy machine_policy /enforce

and viola ! It worked.

Thanks again David. You've been a great help.
 
Back
Top