Re: Password Complexity issue



So even though it is "disabled" it still has to meet those requirements? Is
that what you're saying?

"Dmitry Korolyov [MVP]" wrote:

> "Password must meet complexity requirements" means that at the same time:
> 1) Password must be 6 or more characters long
> 2) Password must contain characters from at least 3 out of 4 groups of
> characters (digits, letters, punctuation characters, capital letters)
> 3) Password may not contain as a part user login or user name
>
> This setting is independent from other settings defining minimum password
> length and so on. See more detailed description of this setting in the
> documentation.
>
> --
> Dmitry Korolyov [d__k@xxxxxxxxxxxxxxxxxxxxxx]
> MVP: Windows Server - Directory Services
>
>
> "Steve Lundy" <SteveLundy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:2D37DA99-52B6-4EEE-92BB-270F790F1201@xxxxxxxxxxxxxxxx
> > Here's the deal. We're migrating over from NDS to AD and this is the
> > process
> > in regards to the users:
> >
> > Account is disabled originally.
> > We enable the account, reset the password, and place the user in their
> > appropriate OU.
> >
> > We go to the workstation and after putting them on the domain we log them
> > in
> > using the initial password that is set to expire at logon. Here's where
> > the
> > issue comes in. We have the password complexity requirements set to
> > "Disabled" on the Default Domain Policy and "not defined" on every other
> > GPO
> > that we have. Yet they are still getting prompted that their password
> > doesn't meet the requirements. However, sometimes they don't get prompted
> > with the complexity issue. If we try to manually change their password
> > after
> > successfully logging them in (sometimes they mistype their password, or
> > don't
> > understand us when we tell them to put their novell password in when
> > sync'ing
> > up the accounts b/w NDS and AD and they enter a totally different
> > password,
> > thus they aren't sync'd up).
> >
> > Here's what the settings are set at:
> >
> > Enforce password history                      24 passwords remembered
> > Maximum password age                          120 days
> > Minimum password age                          1 days
> > Minimum password length                       5 characters
> > Password must meet complexity requirements    Disabled
> > Store passwords using reversible encryption   Disabled
> >
> >
> > Shouldn't the fact that it is disabled on the domain override whether or
> > not
> > the password is compared against the requirements? It doesn't seem to be
> > happening that way. Any ideas? I had thought about changing the Min.
> > Pass.
> > Age to 0, but wanted to get some feedback first. I believe that is the
> > setting that is causing the issues. This also happens if someone tries to
> > change their password later on after we get them logged in and running.
>
>
>
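
An added example, not part of the original thread: one way to compare the password policy the domain actually enforces with the values listed in the post. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that it is run from a domain-joined machine; the expected values are the ones quoted above.

```powershell
# Added example: compare the effective domain password policy with the
# settings listed in the thread. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Intended values, copied from the settings quoted in the post.
$expected = [ordered]@{
    PasswordHistoryCount        = 24
    MaxPasswordAge              = [TimeSpan]::FromDays(120)
    MinPasswordAge              = [TimeSpan]::FromDays(1)
    MinPasswordLength           = 5
    ComplexityEnabled           = $false
    ReversibleEncryptionEnabled = $false
}

# The policy currently stored on the domain, as the domain controllers apply it.
$effective = Get-ADDefaultDomainPasswordPolicy

# One row per setting, so a mismatch is visible at a glance.
$report = foreach ($name in $expected.Keys) {
    [pscustomobject]@{
        Setting   = $name
        Expected  = $expected[$name]
        Effective = $effective.$name
        Match     = ($expected[$name] -eq $effective.$name)
    }
}
$report | Format-Table -AutoSize

# Flag any setting whose effective value differs from the intended one.
$mismatch = @($report | Where-Object { -not $_.Match })
if ($mismatch.Count -gt 0) {
    Write-Warning ("{0} setting(s) differ from the intended policy." -f $mismatch.Count)
}
```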