Re: Password Complexity issue

"Password must meet complexity requirements" means that at the same time:
1) Password must be 6 or more charaters long
2) Password must contain characters from at least 3 out of 4 groups of
characters (digits, letters, punctuation characters, capital letters)
3) Password may not contain as a part user login or user name

This setting is independent from other settings defining minimum password
length and so on. See more detailed description of this setting in the
documentation.

--
Dmitry Korolyov [d__k@xxxxxxxxxxxxxxxxxxxxxx]
MVP: Windows Server - Directory Services


"Steve Lundy" <SteveLundy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2D37DA99-52B6-4EEE-92BB-270F790F1201@xxxxxxxxxxxxxxxx
> Here's the deal. We're migrating over from NDS to AD and this is the
> process
> in regards to the users:
>
> Account is disabled orginally.
> We enable the account, reset the password, and place the user in their
> appropriate OU.
>
> We go to the workstation and after putting them on the domain we log them
> in
> using the initial password that is set to expire at logon. Here's where
> the
> issue comes in. We have the password complexity requirements set to
> "Disabled" on the Default Domain Policy and "not defined" on every other
> GPO
> that we have. Yet they are still getting prompted that their password
> doesn't meet the requirements. However, sometimes they don't get prompted
> with the complexity issue. If we try to manually change their password
> after
> successfully logging them in (sometimes they mistype their password, or
> don't
> understand us when we tell them to put their novell password in when
> sync'ing
> up the accounts b/w NDS and AD and they enter a totally different
> password,
> thus they aren't sync'd up).
>
> Here's what the settings are set at:
>
> Enforce password history 24 passwords remembered
> Maximum password age 120 days
> Minimum password age 1 days
> Minimum password length 5 characters
> Password must meet complexity requirements Disabled
> Store passwords using reversible encryption Disabled
>
>
> Shouldn't the fact that it is disabled on the domain override whether or
> not
> the password is compared against the requiremenst? It doesn't seem to be
> happening that way. Any ideas? I had thought about changing the Min.
> Pass.
> Age to 0, but wanted to get some feedback first. I believe that is the
> setting that is causing the issues. This also happens if someone tries to
> change their password later on after we get them logged in and running.


.

Relevant Pages

  • Re: Password Complexity issue
    ... > This setting is independent from other settings defining minimum password ... >> Account is disabled orginally. ... >> Maximum password age 120 days ... >> Password must meet complexity requirements Disabled ...
    (microsoft.public.windows.server.active_directory)
  • Password Complexity issue
    ... We're migrating over from NDS to AD and this is the process ... Account is disabled orginally. ... Maximum password age 120 days ... Password must meet complexity requirements Disabled ...
    (microsoft.public.windows.server.active_directory)
  • RE: User cannot change password
    ... Make sure that the password users give meet the complexity requirements. ... access to network resources is to use secure passwords. ... Minimum Password Length sets the minimum number of characters for a ... characters), which is definitely not a good idea. ...
    (microsoft.public.win2000.active_directory)
  • RE: Password complexity - improvement
    ... complexity requirements, and you knew the first three characters were ... were Aa1 in order to only try special characters for the 4th. ... even complexity requirements can't replace user education. ...
    (Focus-Microsoft)
  • RE: User cannot change password
    ... complexity requirements. ... >access to network resources is to use secure passwords. ... >Minimum Password Length ... >characters), which is definitely not a good idea. ...
    (microsoft.public.win2000.active_directory)
Loading