Windows cannot complete password change

  • Thread starter Thread starter marcian swaby
  • Start date Start date
M

marcian swaby

This is very strange to me, one of my clients are running an environment
with widows 2000 server sp 4, and for some strange reason they are getting

"windows cannot complete the password change for user _____ because the
password does not meet the pasword policy requirements. Check the minimum
password length, password complexity & password history requirements"

I checked all the password policy issues and everything seems to be normal,
this started happening about 3 months ago, I went to microsoft website and
check all the password rules in the active directory restarted the server
even type the command in dos that automatically applies all the changes but
still getting the error message. Hence because I am not able to change the
password, I am unable to add new users into the system. And as you can
figure they are really getting at me for not being able to solve this.

We are unable to change any password from the active directory or even from
computer systems.

Please anybody have any suggestions please help.

Thanks
 
Double check the password configuration in Domain Security Policy OR in and
Group Policy linked to the domain container that is higher in the list than
default domain Group Policy. Verify that the default domain Group Policy is
linked to the domain controller. Password policy for domain users can be
configured ONLY at the domain container level. Many make the mistake of trying
to configure it in Domain Controller Security Policy which will NOT work. On a
domain controller run the command "net accounts" to see what is shown for
password policy for the domain, though it will not show the result for password
complexity. If password complexity is enabled, passwords must be at least 6
characters in length and contain 3 of 4 for - lowercase, uppercase, numeric,
special characters such as punctuation. If you do not want password complexity
enabled make sure it is set to be disabled in Domain Security Policy or whatever
domain Group Policy it is defined in. Use secedit /refreshpolicy machine_policy
/enforce after making any changes.

Also make sure that "block inheritance" is not enabled on the domain controller
container or any changes you make to domain password policy will not take
effect. Of course domain controller issues such as replication problems can also
contribute to problems with password policy not propagating correctly. You can
use the support tools netdiag and dcdiag on domain controllers to check for
proper domain controller configuration and general domain health and check Event
Viewer for related problems. Dns issue are often a problem with domain
configuration. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382 --- AD dns
FAQ
http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 --- netdiag and
how to install support tools.
 
To add. Also make sure that minimum password age is less than maximum
password age. In a default configuration I believe maximum password age is
42 days and minimum is 1 day. --- Steve
 
Back
Top