Can not reset User's Password and Cannot create user in Active directory

Question

Hello

We have 3 Domain Controllers. DC1( Central DC) , DC2 (ADC) , DC3 (ADC)

FSMO roles are shown below

Schema master -DC1
Domain naming master -DC1
PDC -DC3
RID pool manager -DC3
Infrastructure master -DC2

We can password reset and also can create new user in AD (DC2). DC2 server is working fine.
The OS version of the working server is windows server 2016.

But we cannot do these things with these 2 servers.(DC1, DC3)
When we going to reset user's password , going to create a new user , below error is happening.

Windows cannot complete the password change for ______ because: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.

The OS version of the working (DC1, DC3) server is Microsoft Hyper V server 2019.

The same password policy is configured for these 3 servers.

Enforce password history 5 passwords remembered
Maximum password age 45 days
Minimum password age 0 Days
Minimum password length 8 characters
Minimum password length audit Not Defined
Password must meet complexity requirements Enabled
Store passwords using reversible encryption Disabled

I want to fix this issue. Could you please help me ?

Thanks

Answer 1

Hi,

Can you provide html files from all the three DCs share it via onedrive gpresult /h policy.html seems like some local policy or GPO issues.

Answer 2

Hello Kanchanaumesha,

This may indicate that there is a replication issue between the domain controllers.

Please use DCDIAG and RepAdmin in order to discover those errors:

Use the next commands from each of the DCs:

DCDIAG /c /v
repadmin /showrepl

--------------------------------------------------------------------------------------------------------------------------------------------

--If the reply is helpful, please Upvote and Accept as answer--