Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, August 21, 2019 10:44 AM
Hi guys,
We are having an issue when trying to change password using ctrl-alt-delete. It's saying the password doesn't meet complexity requirements but it does. The user account is on the domain and we are trying to let the user set their own user login password on the domain. What is the reason this is happening?
Thanks.
All replies (7)
Wednesday, August 21, 2019 6:05 PM
There is policy in group policy under **Security Settings->Account Policies **
And under Password must meet complexity if enable, then it force user to use complex password.
Wednesday, August 21, 2019 6:33 PM
Hello hoandb,
The error text for ERROR_PASSWORD_RESTRICTION is "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain."
In other words, there are other factors that can affect the acceptability of a new password. Can you give an example of a password that you think should meet the requirements but fails, along with the minimum password length and an assurance that the password has not been used before for the target account? Do more complex passwords work?
Gary
Thursday, August 22, 2019 3:31 AM
Hi,
Please check if the password have meet complexity requirements.
You could refer to the following official article as your reference:
Meanwhile, check the password aging settings on the group policy. It will only allow them to change their password once during the specified aging period.
Set the Minimum Password Age is to 0 day.
If no, it may related with corrupted user profile, try to reset their accounts to see if the issue remains.
Hope above information can help you.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, August 22, 2019 7:41 AM
Hi,
We were not even using that GPO PasswordPolicy but when we were applying that policy to OU's it was not even working, we tweaked the policy, disabled password complexity and set minimum age to 0 days just to see if the policy was working in the first place but nothing worked. I also right clicked the policy and checked enforce.
Is there like a Windows Server default within the domain that is stopping this policy?
Friday, August 23, 2019 6:53 AM
Hi,
I haven't heard that.
Go into your Domain>domainname>Default Domain Policy >Settings.
What do you have for the following:
Account Policies/Password Policy
Account Policies/Account Lockout Policy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, August 23, 2019 7:55 AM
Hi,
There is nothing I can see in the default domain policy affecting the PasswordPolicy.
Friday, August 23, 2019 4:52 PM
Hello,
Open an elevated CMD prompt.
run Net accounts
Post the results
You may want to run net accounts /domain
Compare the output to see if there is any differences
This will show us some of settings that may be affecting the error message.
Thanks, Darrell Gorter [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.