Password Panic in Active Directory

System - Windows 2003 Server

Problem - I am unable to reset passwords in active
directory users & computers.

Symptom - I get an error message saying that I have not
met the requirements for complexity/length or history.
This happens either when creating new accounts in AD
logged on as Domain Admin, resetting existing account
passwords or even when logging on as a domain user to a
different station (on XP) and attempting to change a
personal (non-admin) user password.

There are NO policies in effect from the default site
policy down thro the sub-containers which affect account
password policy and running RsoP also confirms there are
no password policies in place.

I would apprecaite any suggestions as this worked a few
days ago and nothing seemingly has been changed other than
setting up and starting RIS. DNS & DHCP are functioning
OK, and it is a single DC. I am in a big panic as I need
to create 800 accounts by Monday!!

TIA

MikeH

MikeH

Mike,

had this problem myself. if you run security (local or domain can neither
remember which one as i'm now near our 2003 server) console form the DC, in
there you will find sections on passwords and it's complexities.

Simon

"MikeH" <> wrote in message
news:0a1a01c39ca3$a881ff80$...
> System - Windows 2003 Server
>
> Problem - I am unable to reset passwords in active
> directory users & computers.
>
> Symptom - I get an error message saying that I have not
> met the requirements for complexity/length or history.
> This happens either when creating new accounts in AD
> logged on as Domain Admin, resetting existing account
> passwords or even when logging on as a domain user to a
> different station (on XP) and attempting to change a
> personal (non-admin) user password.
>
> There are NO policies in effect from the default site
> policy down thro the sub-containers which affect account
> password policy and running RsoP also confirms there are
> no password policies in place.
>
> I would apprecaite any suggestions as this worked a few
> days ago and nothing seemingly has been changed other than
> setting up and starting RIS. DNS & DHCP are functioning
> OK, and it is a single DC. I am in a big panic as I need
> to create 800 accounts by Monday!!
>
> TIA
>
> MikeH

simon whale

Win2K3 Enforces complex passwords out of the box by default. You need to
make an adjustment in Group Policies to loosen this up. In the GPO you are
editing, go to Computer Configuration > Windows Settings > Security Settings
> Accout Policies > Password Policy. In there you will see a Security Policy
Setting "password must meet complexity requirements". Disable this policy.
Bear in Mind that you will need to apply this Security at a domain level
GPO. Any lower and it will be overwritten. If you implement this in a new
GPO, nmake sure that it is 1st on the link order.

Good Luck.
"MikeH" <> wrote in message
news:0a1a01c39ca3$a881ff80$...
> System - Windows 2003 Server
>
> Problem - I am unable to reset passwords in active
> directory users & computers.
>
> Symptom - I get an error message saying that I have not
> met the requirements for complexity/length or history.
> This happens either when creating new accounts in AD
> logged on as Domain Admin, resetting existing account
> passwords or even when logging on as a domain user to a
> different station (on XP) and attempting to change a
> personal (non-admin) user password.
>
> There are NO policies in effect from the default site
> policy down thro the sub-containers which affect account
> password policy and running RsoP also confirms there are
> no password policies in place.
>
> I would apprecaite any suggestions as this worked a few
> days ago and nothing seemingly has been changed other than
> setting up and starting RIS. DNS & DHCP are functioning
> OK, and it is a single DC. I am in a big panic as I need
> to create 800 accounts by Monday!!
>
> TIA
>
> MikeH

Karl \Johnno\ Gustaf

Thanks for the advice but I've tried both methods and can confirm that there are NO policies enabled for passwords at any level in my domain. If I didn't know any better I'd suspect a corruption of active directory, or if it were a unix system, a permissions problem with the password directory.

I'm still desparate.....and my deadline approacheth


MikeH

=?Utf-8?B?TWlrZUg=?=

"MikeH"
> Thanks for the advice but I've tried both methods and can confirm
that there are NO policies enabled for passwords at any level in my
domain. If I didn't know any better I'd suspect a corruption of active
directory, or if it were a unix system, a permissions problem with the
password directory.
>
> I'm still desparate.....and my deadline approacheth
>
>
> MikeH

Sorry that I can't help you then dude. All I can say is that if you
disable the policies I mentioned then it works. I have had to
implement these settings on a couple of domains recently. Users
migrating from a Win2K domain don't want kickass passwords, and in
large organisations this just adds excessive overhead to the helpdesk
support teams.
Have you tried microsoft? I had a quick sniff through Technet but
found nothing for you. Hope you have better luck.

Karl \Johnno\ Gustaf