After you set the policy, you have to wait for the policy to be replicated to all DCs in the domain and applied before you get convergence on the new policy rules. Depending on the environment this can take varying amounts of time. If you have only a couple of K3 DCs in a single site and great FRS/AD replication you can set it and then wait a minute and then do a
gpupdate /force To force the update of the policy. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mayuresh Kshirsagar Sent: Monday, June 27, 2005 9:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Error while adding user to AD Thanks a lots Joe. I'll try this out. One more query. After I've changed my password policy, they dont seem to be reflected immediately. how can i force it? ----- Original Message ----- From: "joe" <[EMAIL PROTECTED]> To: <ActiveDir@mail.activedir.org> Sent: Tuesday, June 28, 2005 5:38 AM Subject: RE: [ActiveDir] Error while adding user to AD > That DSID can pop up when an account is improperly created. I.E. Someone is > trying to set the account enabled in the actual creation of the account when > there is password length policy. > > If you have a password length policy you need to create the account > disabled, then set a password, then enable it. > > It sounds like the meta directory product doesn't know how to properly > create an account in AD. > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Mayuresh Kshirsagar > Sent: Monday, June 27, 2005 7:42 PM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] Error while adding user to AD > > Active Directory password policy was set as follows: > > Policy Setting > Enforce password history 0 passwords remembered Maximum password age 999 > days Minimum password age 0 days Minimum password length 8 characters > Password must meet complexity requirements Disabled Store passwords using > reversible encryption Disabled Provisioning new accounts failed even though > our passwords are longer than 8 characters. > > When modifying the policy to a minimum length of 0 characters provisioning > works. > > Any pointers of how this happened? > > Regards, > Mayuresh > > > ----- Original Message ----- > From: "Gil Kirkpatrick" <[EMAIL PROTECTED]> > To: <ActiveDir@mail.activedir.org> > Sent: Tuesday, June 28, 2005 4:57 AM > Subject: RE: [ActiveDir] Error while adding user to AD > > > This sort of error happens when the user you are provisioning doesn't meet > all the policy requirements in AD. Make sure all the required attributes are > set properly, and make sure that the password assigned to the user object > meets the current domain complexity requirements. > > -gil > > ________________________________ > > From: [EMAIL PROTECTED] on behalf of Mayuresh Kshirsagar > Sent: Mon 6/27/2005 4:09 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Error while adding user to AD > > > > Hi, > > I am using a meta directory to provision a new user in AD. But while adding > the user, I am getting the following error: > > Server_Info='0000052D: SvcErr: DSID-031A0B56, problem 5003 > (WILL_NOT_PERFORM), data 0 > > Can you guide me as to how can I detect and eliminate the cause of it > please. > > Thanks, > Mayuresh > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
