Title: Message
Yep. What we saw wasn't until a user got the "Your password expires in xx days" message. When they go to change their password they'll get a message that they can't because it doesn't meet complexity requirements, even though the new passwords meet the requirements. If their old password meets the requirements, they don't get this message.
 
Roger
--------------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis Inc.
-----Original Message-----
From: Fugleberg, David A [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 10:05 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Force password length problem

Roger, can you expand on your last paragraph a bit ?  We're going to be turning on a password filter with more rigid complexity requirements before too long.  Does this mean that everyone whose current password doesn't meet the new rules will be unable to change their password the first time ?  The help desk is going to love that...  
Dave
-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 6:47 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Force password length problem

A few things come to mind. First, did you allow enough time for replication to propagate to all domain controllers? Did you force a policy refresh on the client?
 
Also, how did you force reset the password? Keep in mind that password changes made through ADU&C are not required to conform to the domain policies. Therefore, even with a strong password policy, an admin can set a user's password to 'password' without a problem.
 
I've also seen issues where enforced complexity forces downlevel clients to not be able to change their passwords unless the previous password also met the complexity requirements.
 
Roger
--------------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis Inc.
-----Original Message-----
From: Gasper, Rick [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 18, 2003 4:25 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Force password length problem

Hi all,
I am using GPOs to force a password length of 5 characters. I force a password reset and my test account is allowed a password of  zero length (blank). I checked TechNet and didn't find anything. If I don't enter the new password correctly the message I get states that I need to use a password of zero or more characters.

All the other options I want to use work, i.e.: remember the 5 previous etc...


Anyone have any ideas?

Rick Gasper <><
Manager of Network Services
King's College
Wilkes-Barre PA 18711
Phone: 570-208-5845
Fax: 570-208-5989
[EMAIL PROTECTED]


Reply via email to