This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 72%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERC%3C/text%3E%3C/svg%3E)
Hello!
On my DC (Domain Controller) the Policy that enables "Password Complexity" is activated.
But for some unknown reason that i have no idea why it is not working...
When i try to CTRL + ALT + DEL and change a password of any user that belongs to my Active Directory, even if the the password meets the requirements here at this doc: https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements i get the message that says my password does not meet the minimum requirements of Password Complexity...
Yes.
I tried Pass!2022@, pass#2022, Pass2000.
All of them returns the same error! That the passwords does not meet the minimum requirement...
This is looking a lot like a bug to me! Very weird.
Can someone help me?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 95%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDN%3C/text%3E%3C/svg%3E)
Hello @Raul Chiarella ,
can you provide the output of PowerShell command "Get-ADDefaultDomainPasswordPolicy" from your DC?
Also, out of the three passwords you provided, only 1st one should've worked in the first place since the other two don't meet complexity requirements (missing uppercase; missing special character).
Kind regards,
Domagoj
Output:
ComplexityEnabled : True
DistinguishedName : DC=my_domain,DC=com,DC=br
LockoutDuration : 00:30:00
LockoutObservationWindow : 00:30:00
LockoutThreshold : 10
MaxPasswordAge : 00:00:00
MinPasswordAge : 00:00:00
MinPasswordLength : 7
objectClass : {domainDNS}
objectGuid : aee123f0-529d-123e-9491-1230847a2123
PasswordHistoryCount : 5
ReversibleEncryptionEnabled : False
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi,
Check the settings of password policy applied on your account by the following Powershell commands :
This command let you check the settings of default password policy :
Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser
or
This command let you check the settings of password policy in case of a FGPP is applied on your account :
Get-ADUserResultantPasswordPolicy -identity UserName
Please don't forget to mark helpful reply as answer
Hello RaulChiarella
There are other factors involved in password complexity and not only the character diversity.
for example if you run the command NET ACCOUNTS, you will see other factors:
Force user logoff how long after time expires?:
Minimum password age (days):
Maximum password age (days):
Minimum password length:
Length of password history maintained:
Lockout threshold:
Lockout duration (minutes):
Lockout observation window (minutes):
Usually when doing tests the suspect will be the Minimum Password Age, as in you can't change again your password before X days.
--If the reply is helpful, please Upvote and Accept as answer--
