Windows Domain Password Policy Issue

Asked Sep 07 '18 at 14:21

Active Sep 07 '18 at 21:22

Viewed 94 times

I just discovered something odd happening with a password policy in one of the Windows Server 2012 R2 environments we manage, and we have had no luck finding any information to explain the behavior.

The password policy has a minimum password length set to 12 characters but trying to set a password to exactly 12 characters is not accepted - you have to have 13+ characters. It doesn't matter what character it is, or if the first 12 characters meet all complexity requirements (age, mixed case, special characters, etc.) - if you don't have the minimum password length + 1 or greater it doesn't accept it. If the policy is changed to set 11 as the minimum, it will only accept 12 or more.

This is very confusing and contradictory to every other environment we manage.

edited Sep 07 '18 at 21:22

asked Sep 07 '18 at 14:21

Jesse P.

Is there any chance you are using spaces in your test passwords? Spaces are allowed but they don't always work like other characters. – Todd Wilcox Sep 07 '18 at 14:39
No; no spaces. It's not rejecting the password due to failure to have (or the presence of) any certain characters - it's rejecting solely based on length not being greater-than whatever the minimum length is set to. – Jesse P. Sep 07 '18 at 14:43
Is there a custom password filter? – Greg Askew Sep 07 '18 at 22:33
@GregAskew No, there's not. – Jesse P. Sep 07 '18 at 22:34
I'm assuming from the lack of comments and answers that everyone else is just as stumped as I am with this one. – Jesse P. Sep 09 '18 at 13:18
Anyone wanna take a crack at this? This is still a problem. – Jesse P. Oct 01 '18 at 02:44
...still waiting for anyone with an idea to solve this... – Jesse P. Oct 23 '18 at 03:17

Windows Domain Password Policy Issue

0 Answers0