Password Does Not Meet Complexity Requirements

KB ID 0000229 

Problem

Windows Server has a password complexity requirement to make sure passwords are strong. Yes it can be disabled, but while it is in place you need your passwords to confirm to the following.

Error within AD

Error at Logon

Note: To disable password complexity click here.

 

Solution

To meet the policy your password MUST,

1. Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.

2. Passwords must be at least six characters in length

3. Passwords must contain characters from THREE of the following four categories:

  • English uppercase characters (A through Z).
  • English lowercase characters (a through z).
  • Base 10 digits (0 through 9).
  • Non-alphabetic characters (for example, !, $, #, %).

Permissable (examples only).

St@ndard – Stranger123 – s!mple1

Not Permissable (examples only).

Password – c0mplex – steve1970

 

Related Articles, References, Credits, or External Links

Disable Password Complexity

Windows Server – Fine Grained Password Policies

KB ID 0000765 

Problem

Before server 2008 if you wanted more than one password policy, you had to create a sub domain just to do that! with Server 2008 we were given fine grained password policies, which were fine (if a little clunky), and involved you creating ‘Password Settings Objects’.

They were a pain if you were not used to them e.g. five minutes is entered as 00:00:05:00. But now Microsoft have made things a LOT EASIER (though they made a good job of hiding it!).

Solution

1. From Server Manager (ServerManager.exe) > Local Server > Tools > Active Directory Administrative Center.

2. System container.

3. Password Settings Container.

4. New > Password Settings > Configure as required > Add > Locate the Security group you want to apply the policy to > OK > OK.

Note: The Precedence dictates which policy will apply if the same user has multiple policies applied to them.

5. You can then create other policies to apply to different groups.

To See What Policies are Applying to a User

6. Locate the user (while still in Active Directory Administrative Center) Right click > View resultant password settings > If a policy is in place it will open.

7. If there is no policy in place you will see, “User does not have resultant fine grained password settings. Please check the user’s domain password settings”.

 

Related Articles, References, Credits, or External Links

NA