Users cannot change password does not accept new password.
Hello I have a couple of users who are on Windows 7 Ultimate that are attached to our Windows 2003domain.I am having trouble when their passwords expire or just when they try to change their password, when they log in they receive the normal your password has expired or is about to expire, so they try and change it and they get an error that the new password does not meet minimum requirements.Now I know for certain that the new password they are trying meets our domains minimum requirements, so is there a setting in WOndows 7 that needs changing locally?
November 5th, 2009 10:30am

Hi Dean132, Could you please check if the following KB can help you?Users Receive a Password Complexity Requirements Message That Does Not Specify Character Group Requirements for a Password"The Password Cannot Be Changed at This Time" Error Message When You Try to Change a User's PasswordThanks.
Free Windows Admin Tool Kit Click here and download it now
November 6th, 2009 1:05am

Thanks for your reply.The first KB article shows the error I am getting but I know that users are definitely meeting the requirements.Also Windows 7 is not on the list of affected OS'
November 6th, 2009 4:24am

Hi Dean132, Could you please create a new Test OU on the server without Group Policy and put Windows7 computers in this new OU?We can checkwhether the computersare affected by Domain policyor not. Hope it helps. Thanks.
Free Windows Admin Tool Kit Click here and download it now
November 9th, 2009 1:41am

I'm having a similar problem. I've got a new windows 7 user on a 2003 domain who cannot update his password as it 'doesn't satisfy complexity requirements'. I've tested it myself with a password that certainly does satisfy the requirements but receives the same error. The computer is in contact with the domain controller and the user isn't locked out. Policy is being applied to the computer/user. Is this a known issue or is there a fix?
October 6th, 2010 11:39am

How to Troubleshoot Active Directory Password Policy Settings http://www.anitkb.com/2010/08/how-to-troubleshoot-active-directory.html "The password does not meet the password policy requirements. Check the minimum password legth, password complexity and password history requirements." One thing that most people forget is that when complexity is enabled, the password cannot contain the user's entire Account Name or entire Full Name. The Account Name and Full Name are parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the Account Name or Full Name are split and all sections are verified not to be included in the password. There is no check for any single character or any three characters in succession. Visit: anITKB.com, an IT Knowledge Base.
Free Windows Admin Tool Kit Click here and download it now
October 6th, 2010 12:53pm

I am having this issue with a 2008 environment. I have had to reset the password in AD to give him access and now he cannot change his password. I have tried myself with extremely long, complex passwords but it will not take it. Any suggestions?
November 2nd, 2010 1:47pm

I tried logging into a 2003 box and saw that it's error said that the minimum age of the password is 30 days even though the policy is set to 0 days.
Free Windows Admin Tool Kit Click here and download it now
November 2nd, 2010 5:29pm

Just FYI, I was having this same issue. After much wrangling and searching, I found a post that explained you cannot have group policy password policies applied by OU's -- there must be only one password policy applied, and it must be applied at the domain level. After I cleaned up my Group Policy so that I only had a single password policy, applied to the root of my domain, my users were able to change their passwords again. Hope this helps! -pete
November 16th, 2010 9:58am

Hello Peter, Just for clarification...It is technically possible to have more than one password policy linked in the domain. However, when targetting DOMAIN USERS, you can only have ONE domain password policy, and it MUST be linked to the domain object. If you have a GPO with Policy settings linked to an OU, the policy is valid, but it will not apply to the user objects stored in that OU. Password Policies are stored within the Computer Configuration of a GPO. Therefore, a password policy would be applied to computer objects. If you link it to an OU, the local accounts defined on the computers within the OU will be affected. Now with AD 2008, you can also create Fine Grained Password Policies which supplement the domain password policy and you are able to target users and groups. How to Implement an Active Directory Password Policy http://www.anitkb.com/2010/03/how-to-implement-active-directory.html How to Troubleshoot Active Directory Password Policy Settings http://www.anitkb.com/2010/08/how-to-troubleshoot-active-directory.html Visit: anITKB.com, an IT Knowledge Base.
Free Windows Admin Tool Kit Click here and download it now
November 16th, 2010 6:34pm

Password Policies are set on computer objects however, in a domain, passwords are not managed by the local computer but rather by the DOMAIN CONTROLLER and therefore you need change the settings in a policy that will be applied to the DOMAIN CONTROLLERS. This worked for me. -Jimmy
March 8th, 2011 9:09am

@Jimmy, I am not sure if you understood my last posting based on your response. Let me clarify for the benfit of everyone reading this thread...Password Policies are not really user based policies. If you look at a GPO, you'll notice that password policies are contained in the computer configuration section. The GPO containing the password policies, MUST be linked to the domain object level. Domain Controllers (which are computers) read this policy and apply the settings to domain user objects. If you were to apply a GPO containing password policies at the OU level, the computers within the OU will read from this policy, and apply the policy to any local user accounts stored on those systems. I hope this helps clarify my posting. Visit: anITKB.com, an IT Knowledge Base.
Free Windows Admin Tool Kit Click here and download it now
March 8th, 2011 3:27pm

I had the same problem. Looking at the password policy settings it said that the minumum password age was set to 1 day. I just had to wait a day to be able to change my password. Kind regards, JP
June 27th, 2012 7:45am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics