Password Panic in Active Directory

Discussion in 'MCSE' started by MikeH, Oct 27, 2003.

  1. MikeH

    MikeH Guest

    System - Windows 2003 Server

    Problem - I am unable to reset passwords in active
    directory users & computers.

    Symptom - I get an error message saying that I have not
    met the requirements for complexity/length or history.
    This happens either when creating new accounts in AD
    logged on as Domain Admin, resetting existing account
    passwords or even when logging on as a domain user to a
    different station (on XP) and attempting to change a
    personal (non-admin) user password.

    There are NO policies in effect from the default site
    policy down thro the sub-containers which affect account
    password policy and running RsoP also confirms there are
    no password policies in place.

    I would apprecaite any suggestions as this worked a few
    days ago and nothing seemingly has been changed other than
    setting up and starting RIS. DNS & DHCP are functioning
    OK, and it is a single DC. I am in a big panic as I need
    to create 800 accounts by Monday!!

    TIA

    MikeH
     
    MikeH, Oct 27, 2003
    #1
    1. Advertising

  2. MikeH

    simon whale Guest

    Mike,

    had this problem myself. if you run security (local or domain can neither
    remember which one as i'm now near our 2003 server) console form the DC, in
    there you will find sections on passwords and it's complexities.

    Simon

    "MikeH" <> wrote in message
    news:0a1a01c39ca3$a881ff80$...
    > System - Windows 2003 Server
    >
    > Problem - I am unable to reset passwords in active
    > directory users & computers.
    >
    > Symptom - I get an error message saying that I have not
    > met the requirements for complexity/length or history.
    > This happens either when creating new accounts in AD
    > logged on as Domain Admin, resetting existing account
    > passwords or even when logging on as a domain user to a
    > different station (on XP) and attempting to change a
    > personal (non-admin) user password.
    >
    > There are NO policies in effect from the default site
    > policy down thro the sub-containers which affect account
    > password policy and running RsoP also confirms there are
    > no password policies in place.
    >
    > I would apprecaite any suggestions as this worked a few
    > days ago and nothing seemingly has been changed other than
    > setting up and starting RIS. DNS & DHCP are functioning
    > OK, and it is a single DC. I am in a big panic as I need
    > to create 800 accounts by Monday!!
    >
    > TIA
    >
    > MikeH
     
    simon whale, Oct 27, 2003
    #2
    1. Advertising

  3. Win2K3 Enforces complex passwords out of the box by default. You need to
    make an adjustment in Group Policies to loosen this up. In the GPO you are
    editing, go to Computer Configuration > Windows Settings > Security Settings
    > Accout Policies > Password Policy. In there you will see a Security Policy

    Setting "password must meet complexity requirements". Disable this policy.
    Bear in Mind that you will need to apply this Security at a domain level
    GPO. Any lower and it will be overwritten. If you implement this in a new
    GPO, nmake sure that it is 1st on the link order.

    Good Luck.
    "MikeH" <> wrote in message
    news:0a1a01c39ca3$a881ff80$...
    > System - Windows 2003 Server
    >
    > Problem - I am unable to reset passwords in active
    > directory users & computers.
    >
    > Symptom - I get an error message saying that I have not
    > met the requirements for complexity/length or history.
    > This happens either when creating new accounts in AD
    > logged on as Domain Admin, resetting existing account
    > passwords or even when logging on as a domain user to a
    > different station (on XP) and attempting to change a
    > personal (non-admin) user password.
    >
    > There are NO policies in effect from the default site
    > policy down thro the sub-containers which affect account
    > password policy and running RsoP also confirms there are
    > no password policies in place.
    >
    > I would apprecaite any suggestions as this worked a few
    > days ago and nothing seemingly has been changed other than
    > setting up and starting RIS. DNS & DHCP are functioning
    > OK, and it is a single DC. I am in a big panic as I need
    > to create 800 accounts by Monday!!
    >
    > TIA
    >
    > MikeH
     
    Karl \Johnno\ Gustaf, Oct 28, 2003
    #3
  4. Thanks for the advice but I've tried both methods and can confirm that there are NO policies enabled for passwords at any level in my domain. If I didn't know any better I'd suspect a corruption of active directory, or if it were a unix system, a permissions problem with the password directory.

    I'm still desparate.....and my deadline approacheth


    MikeH
     
    =?Utf-8?B?TWlrZUg=?=, Oct 29, 2003
    #4
  5. "MikeH"
    > Thanks for the advice but I've tried both methods and can confirm

    that there are NO policies enabled for passwords at any level in my
    domain. If I didn't know any better I'd suspect a corruption of active
    directory, or if it were a unix system, a permissions problem with the
    password directory.
    >
    > I'm still desparate.....and my deadline approacheth
    >
    >
    > MikeH


    Sorry that I can't help you then dude. All I can say is that if you
    disable the policies I mentioned then it works. I have had to
    implement these settings on a couple of domains recently. Users
    migrating from a Win2K domain don't want kickass passwords, and in
    large organisations this just adds excessive overhead to the helpdesk
    support teams.
    Have you tried microsoft? I had a quick sniff through Technet but
    found nothing for you. Hope you have better luck.
     
    Karl \Johnno\ Gustaf, Oct 29, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?ISO-8859-2?Q?Rafa=B3_=A3o=BFy=F1ski?=

    Thunderbird filters "active" but not "active"

    =?ISO-8859-2?Q?Rafa=B3_=A3o=BFy=F1ski?=, May 14, 2005, in forum: Firefox
    Replies:
    5
    Views:
    668
    Moz Champion
    May 18, 2005
  2. nasteric
    Replies:
    6
    Views:
    6,242
    Rishi
    Aug 28, 2006
  3. =?Utf-8?B?U3VzaGls?=
    Replies:
    1
    Views:
    720
    Wayne
    Feb 16, 2006
  4. UBEST
    Replies:
    5
    Views:
    24,502
    bmille6
    Mar 24, 2008
  5. Battousai

    Active Directory Password Policy

    Battousai, Aug 1, 2007, in forum: General Computer Support
    Replies:
    2
    Views:
    1,238
    honeykutty
    Oct 1, 2007
Loading...

Share This Page