Unable to change domain password even if the password is complex

Question

I have a problem with users not being able to change their passwords.

When they try to change the password, they get this error:

"Your new password does not meet the length, complexity, or history requirements of your domain. Try choosing a different new password."

However, the password is definitely complex (20+ chars randomized numbers letters symbols etc), is not within hold period of one day.

The user has the permissions to change their password as you can see below:

enter image description here

I really don't see what could be the problem. Any tips?

score 1 · Answer 1 · answered May 06 '15 at 20:08

1

This is probably because the password is too similar to one of the previous ones that are held in the history. Switch that option off and see what happens. It can be manipulated using the group policy editor (gpedit.msc).

answered May 06 '15 at 20:08

Konrad Gajewski

1,498
3
15
29

Do you think this (3vQ4j*gC4Vrk5.h) can be similar to (Trololo$56!@) . I don't think so. – user2629636 May 06 '15 at 20:18
Have you had a look at the policy? – Konrad Gajewski May 06 '15 at 20:25
@user2629636 Is `3vQ4j*gC4Vrk5.h` one of the last 12 (by default) passwords that the user had set? Change a character and find out. – Shane Madden May 06 '15 at 20:26
I've created the policy. Its a test user I created and those two are the actual passwords i tried. they are not similar. – user2629636 May 06 '15 at 20:28
1

Guys, I appreciate the help. But It's a test user I created to replicate the problem. It had only one password so far (the one I assigned while creating the account) and it's definitely not similar. Also, similarity is not a criteria, it has to be the same password, which obviously is not. – user2629636 May 06 '15 at 20:32
Well you asked for tips. :) Ok, so maybe it is the complexity or something to that effect. I am assuming the installation is not faulty. – Konrad Gajewski May 06 '15 at 20:56
Complexity requirements also include the following limitations. Password can't contain the username or any portion of the user's full name. So if it's a test user with a username like 'a' and there's an 'a' in the password, that could be the problem as well. – Ryan Bolger May 07 '15 at 19:49

score 0 · Answer 2 · answered May 07 '15 at 18:18

0

Can you provide a screen of your password policy settings? What is the setting for "minimum password age"? If that value is greater than 0, and that many days have not passed, you will be denied due to the age requirement.

answered May 07 '15 at 18:18

Clayton

4,483
16
24

Age requirement is "one day". I've tested this after 24 hours and on multiple brand new users. – user2629636 May 07 '15 at 19:27

score 0 · Answer 3 · edited Jun 11 '20 at 10:02

logon as a domain administrator
click start administrative tools>Group Policy Management
find the policy that deals with the password settings most likely the "defualt domain policy" right click then left click edit on the menu that comes up
Computer configuration>windows Settings>security settings> Account Policies>Password Policy and change the minimum age to 0

exit then click start>run and

type gpupdate, this make sure that the changes take effect.

Try to change the password again .

It works for me .

Unable to change domain password even if the password is complex

3 Answers3