Disable password complexity on Windows 2012 R2

Question

I have a Windows Server 2012 R2 that is my domain controller. I want to disable the password complexity rule for a few users only. I have created a group (called Formation) in AD to identify these domain users. I have defined a GPO in an OU to disable the password complexity rule, and I have assigned my new group to this GPO.

I was hoping this would work, but when I go (on the same server) to manage the users in AD, I try to initialyze the password, but I still get the error message saying the password complexity rule was not followed.

I tried to run gpupdate /force but no success... What else should I look for to fix this?

The password policy is a computer config and I want to apply this to users, is this part of the problem?

Answer 1

If you are using legacy password policies, those apply to the entire domain. You may want to research fine-grained password policies.

(Note: Fine-grained password policies were originally introduced in Windows Server 2008.)

Answer 2

You need to override other GPO's

If you have your password policy built in the domain GPO then you will need to override that GPO. Hit the checkbox for override.

Here an is article on Group Policy and Precedence which discussing what is in the title as well as howto override another group policy that is taking precedence.

Points of Interest

• A GPO can be enforced, disabled or both.

• Block Inheritance in an organizational unit can be set

• A GPO can have settings disabled, its computer settings disabled, or all settings disabled.

There is also this question and answer that explains howto override a GPO.

• How do you override a GPO with another GPO?