Announcement

Collapse
No announcement yet.

Minimum password age and GPOs. Users cannot change passwords.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Minimum password age and GPOs. Users cannot change passwords.

    Hi Guys,

    I have a problem with users not being able to change their passwords.

    I create a user account in AD. I do not check "user must change password on next logon" checkbox. The "user cannot change password" checkbox is also left unchecked.

    The user logs on, presses Ctrl+Alt+Del and clicks on change password and attempts to change it. He gets the "Password supplied does not meet minimum complexity requirements." message. I cannot change or reset his password either.

    I have the default Domain GPO set to require complex passwords, Minimum 7 characters, maximum password age is 360 days, password history is last 5 passwords and minimum password age is set to 1 day.

    No other group policies have any account restrictions options set.

    What am I doing wrong?

  • #2
    Re: Minimum password age and GPOs. Users cannot change passwords.

    The user logs on, presses Ctrl+Alt+Del and clicks on change password and attempts to change it. He gets the "Password supplied does not meet minimum complexity requirements." message. I cannot change or reset his password either.
    If you have them do cnt-alt-del they will have to wait at least 1 day (according to your GPO).

    Also what do you mean by "I cannot change or reset his password either", from the workstation or server?

    For what you want to do check that box "user must change password on next logon"
    "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

    Comment


    • #3
      Re: Minimum password age and GPOs. Users cannot change passwords.

      Originally posted by Lior_S View Post
      If you have them do cnt-alt-del they will have to wait at least 1 day (according to your GPO).

      Also what do you mean by "I cannot change or reset his password either", from the workstation or server?

      For what you want to do check that box "user must change password on next logon"

      I mean, I (administrator) cannot reset the password in the Active Directory Users and Computers MMC.

      Should I set the minimum password age to 0 and set password history to remember 30 passwords? This should let users change passwords as often as they like and they will have a hard time trying to use old passwords.

      Comment


      • #4
        Re: Minimum password age and GPOs. Users cannot change passwords.

        if you cannot change the password either that means that the password indeed does not meet the complexity requirements. what password are you using (if you don't mind me asking)
        "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

        Comment


        • #5
          Re: Minimum password age and GPOs. Users cannot change passwords.

          Originally posted by Lior_S View Post
          if you cannot change the password either that means that the password indeed does not meet the complexity requirements. what password are you using (if you don't mind me asking)

          "Nukem005$" is a password i used.

          Comment


          • #6
            Re: Minimum password age and GPOs. Users cannot change passwords.

            Originally posted by lwnemesis View Post
            "Nukem005$" is a password i used.
            A complex password should no contain all or part of the user's name. Is Duke by any chance the user's name ?

            Sorin Solomon

            »»»»»
            In order to succeed, your desire for success should be greater than your fear of failure.
            -
            «««««

            Comment


            • #7
              Re: Minimum password age and GPOs. Users cannot change passwords.

              Originally posted by sorinso View Post
              A complex password should no contain all or part of the user's name. Is Duke by any chance the user's name ?
              No its not Its just a password I used"not an actual password" I changed it, But the elements are the same. 1 capital, 1 or more number, a special symbol and at least 7 characters.

              Comment


              • #8
                Re: Minimum password age and GPOs. Users cannot change passwords.

                How long has it been since you set the user's password for the first time? Minimum password age is set to one day; if you set it less than 23:59:59 ago it will fail to meet the requirements because it's not old enough...


                Tom
                For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                Anything you say will be misquoted and used against you

                Comment

                Working...
                X