Password Complexity Requirements is'nt working.

Raul Chiarella 21 Reputation points


On my DC (Domain Controller) the Policy that enables "Password Complexity" is activated.
But for some unknown reason that i have no idea why it is not working...

When i try to CTRL + ALT + DEL and change a password of any user that belongs to my Active Directory, even if the the password meets the requirements here at this doc: i get the message that says my password does not meet the minimum requirements of Password Complexity...


I tried Pass!2022@, pass#2022, Pass2000.

All of them returns the same error! That the passwords does not meet the minimum requirement...

This is looking a lot like a bug to me! Very weird.

Can someone help me?

A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,722 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,817 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,717 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Domagoj Novak 586 Reputation points

    Hello @Raul Chiarella ,

    can you provide the output of PowerShell command "Get-ADDefaultDomainPasswordPolicy" from your DC?

    Also, out of the three passwords you provided, only 1st one should've worked in the first place since the other two don't meet complexity requirements (missing uppercase; missing special character).

    Kind regards,

  2. Thameur-BOURBITA 32,496 Reputation points


    Check the settings of password policy applied on your account by the following Powershell commands :

    This command let you check the settings of default password policy :
    Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser

    This command let you check the settings of password policy in case of a FGPP is applied on your account :
    Get-ADUserResultantPasswordPolicy -identity UserName

    Please don't forget to mark helpful reply as answer

    0 comments No comments

  3. Limitless Technology 39,336 Reputation points

    Hello RaulChiarella

    There are other factors involved in password complexity and not only the character diversity.

    for example if you run the command NET ACCOUNTS, you will see other factors:

    Force user logoff how long after time expires?:
    Minimum password age (days):
    Maximum password age (days):
    Minimum password length:
    Length of password history maintained:
    Lockout threshold:
    Lockout duration (minutes):
    Lockout observation window (minutes):

    Usually when doing tests the suspect will be the Minimum Password Age, as in you can't change again your password before X days.

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments