I originally made modifications in Group Policy Management Editor for the Domain Password Policy settings and tried rebooting the PDC and doing a Gpupdate /force. Nothing worked. (This is a single domain controller environment.)
Additional steps I took:
I have gone into Group Policy Management Editor>Domains>(domain Name)>Default Domain Policy (right Click - Edit) Computer Configuration>Policies>Windows Settings>Security Settings>Account Policies>Password Policy and have modified the following fields:
Maximum password age: 90 Days
Minimum password age: 1 Days
Minimum password length: 12 Characters
Password must meet complexity requirements : enabled
Although these settings stay within the Group Policy Editor they do not seem to apply.
To verify, in Powershell (as administrator) I ran:
PS C:\Windows\system32> Get-ADDefaultDomainPasswordPolicy (Results listed below)
ComplexityEnabled : False
DistinguishedName : DC=accounting,DC=local
LockoutDuration : 00:10:00
LockoutObservationWindow : 00:10:00
LockoutThreshold : 50
MaxPasswordAge : 365.00:00:00
MinPasswordAge : 00:00:00
MinPasswordLength : 7
objectClass : {domainDNS}
objectGuid : 664309cc-463b-4a6d-8b82-ed807418ba5d
PasswordHistoryCount : 24
ReversibleEncryptionEnabled : False
So I tried setting the attributes via Powershell: (results below)
PS C:\Windows\system32> Set-ADDefaultDomainPasswordPolicy -Identity accounting.local -ComplexityEnabled $true -MinPasswordLength 12 -MinPasswordAge 1 -MaxPasswordAge 90
PS C:\Windows\system32> Get-ADDefaultDomainPasswordPolicy
ComplexityEnabled : True
DistinguishedName : DC=accounting,DC=local
LockoutDuration : 00:10:00
LockoutObservationWindow : 00:10:00
LockoutThreshold : 50
MaxPasswordAge : 00:00:00.0000090
MinPasswordAge : 00:00:00.0000001
MinPasswordLength : 12
objectClass : {domainDNS}
objectGuid : 664309cc-463b-4a6d-8b82-ed807418ba5d
PasswordHistoryCount : 24
ReversibleEncryptionEnabled : False
The attributes stayed for a few minutes then when I checked they reverted back to default:
PS C:\Windows\system32> Get-ADDefaultDomainPasswordPolicy
ComplexityEnabled : False
DistinguishedName : DC=accounting,DC=local
LockoutDuration : 00:10:00
LockoutObservationWindow : 00:10:00
LockoutThreshold : 50
MaxPasswordAge : 365.00:00:00
MinPasswordAge : 00:00:00
MinPasswordLength : 7
objectClass : {domainDNS}
objectGuid : 664309cc-463b-4a6d-8b82-ed807418ba5d
PasswordHistoryCount : 24
ReversibleEncryptionEnabled : False
Does anyone understand what might be happening? Any help would be appreciated.