0

I have a fairly simple LAN with a few dozen users. 3 DCs all replicating OK, all on Windows Server 2016.

When anyone tries to change their own password with Crtl+Alt+Delete, it won't work. Always comes back with

Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain

If I set the same user up to force them to change password on the next login, they can - to the same password they were trying when they got the error above.

The password that I was trying for a test user was completely new. The error doesn't seem to make sense.

The group policy is set to NOT need complex passwords (while I am getting to the bottom of this), require 9 chars minimum, and in account lockout set to duration 0, threshold 5 and counter 15 mins.

I ran the Group Policy wizard on a user/PC that I just tested on, and it seems to be applying the default domain policy with the settings I just listed above.

Any idea where I can go with this now?

Improve this question

2 Answers 2

Reset to default
1

I believe the answer is that I had some settings in secpol.msc on the main DC as well as in group policy.

I have set the secpol ones back to defaults and seems to be using the group policy ones properly on the domain PCs, including users being able to change their own passwords.

Improve this answer
0

What OS on the user workstations? Doesn't sound like the DC's are updating timely. I'd try powering down the 2nd & 3rd DC and power cycle the workstation to get a clean login and then try again. This will let you know that you are logged in on the domain and then you can validate that it works. Then you can power up the 2nd DC and log out and back in and retest.

Improve this answer
1
  • Hello Kevin, I did try that - I also ran GPRESULT on that PC to see what policies I was picking up. I even created a whole new policy to control just passwords, and left it pretty blank apart from the password length. Nothing I do seems to enable the local user to change passwords properly with ctrl-alt-del, just give the error about complexity or password history, even if I use a fabulously complex password that has never been used before..... Commented Jul 13, 2017 at 13:41

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.