Announcement

Collapse
No announcement yet.

users cannot change there passwords but admins can

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • users cannot change there passwords but admins can

    I am having a problem on a Windows 2003 Domain running Active Directory where users cannot change there passwords but admins can.

    password complexity is enable in the GPO.
    Store password using reversible encryption is disable.
    Enforce password history is 1
    maximum password age is 90 days
    minimum password age is 0
    minimum password length 4 chars

    I have created a test user and have tried with complex passwords that meet all the requirements but that user cannot change there password. They get the message "your password does not meet the requirements ......... "

    We have found out that admins can change there passwords ok.

    For both types of users we are using ctrl-alt-del then Change Password.

    Its going to be come a pain soon as some users passwords are about to expire, so we will have to change there passwords for them.

    thanks

    reso

  • #2
    Re: users cannot change there passwords but admins can

    Do they get any error message when they attmept to change the password?

    Have you checked the event log on the DC they authenticated agains to see if there is anything in the security log to say why it's failing?

    I've never seen this before but I always configure 'minimum password age' to be more than 0.

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: users cannot change there passwords but admins can

      The only error message they get is that there passwords dont meet the requirements.

      Whoops i forgot we did alter the min password age to 1 to see if that helped but it didnt.

      Will have a look at the logs on the DC.

      Comment


      • #4
        Re: users cannot change there passwords but admins can

        Stupid question but you are typing the new password in to meet the complexity requirements:

        When you set the Passwords must meet complexity requirements policy setting, and a user logs on to the computer or to a domain and types a password in the Change Password dialog box that does not meet the complexity requirements, the user receives the following message:
        Your password must be at least x characters; cannot repeat any of your previous x passwords; must contain capitals, numerals or punctuation; and cannot contain your account or full name. Please type a different password. Type a password which meets these requirements in both text boxes.
        This message is expected behavior when a user tries to change the password and the password does not meet the complexity requirements that you set. However, some of the content of the message may be confusing to some users because it does not explicitly specify that the password must contain at least three of the following four character groups:
        • English uppercase characters (A through Z)
        • English lowercase characters (a through z)
        • Numerals (0 through 9)
        • Non-alphabetic characters (such as !, $, #, %)
        http://support.microsoft.com/kb/821425

        Michael
        Michael Armstrong
        www.m80arm.co.uk
        MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Re: users cannot change there passwords but admins can

          Yes I am using passwords that meet the requirements.
          The password I was using to test with was "123!"£qazQAZ" which unless I'm missing something meets all 4 requirements.
          Also used other variations of it but using 3 characters from each of the 4 requirements.

          cheers
          reso

          Comment


          • #6
            Re: users cannot change there passwords but admins can

            Setting min password age to 1 simply means that they can't change their passwords within a day of the last time it was changed - if you tried to change it within that first day you would get this message. Try a password that you have definitely never used before; for instance why not try this one:

            c0mpL!c4ted

            which meets all the content requirements and because I just invented it, probably isn't one you used before. This message is incredibly frustrating and I have had it before - but you just have to keep trying different passwords until it works.

            [edit] How are you trying to change it? Is it via CTRL-ALT-DEL/Change Password? Or is it on initial login? Trouble is, if you set "User must change password at next logon" and also set "User cannot change password" they can never either (a) change their password, or (b) log in...
            Last edited by Stonelaughter; 26th October 2006, 14:18.


            Tom
            For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

            Anything you say will be misquoted and used against you

            Comment


            • #7
              Re: users cannot change there passwords but admins can

              The problem appears to resolved itself
              Think it was due to the the user accounts passing the date of the change.
              Admin reset the passwords and other users are not having any problems so all is good

              Comment


              • #8
                Re: Thanks for sharing

                Thanks for sharing your answer with us! I'm sure others will also benefit from knowing what was wrong and how you fixed it.

                Cheers,

                Daniel Petri
                Microsoft Most Valuable Professional - Active Directory Directory Services
                MCSA/E, MCTS, MCITP, MCT

                Comment


                • #9
                  Re: users cannot change there passwords but admins can

                  A small number of my clients are having this issue after admins change their passwords. The date of change does not appear to be a factor with my clients and the majority of clients are fine. I have confirmed that the new passwords are complex but the clients still get the "password does not meet the minimum password complexity requirements" message. The domain is 2003 and the machines are 2K SP4. Thanks in advance.

                  Comment

                  Working...
                  X