Password Complexity Requirements is'nt working.

Raul Chiarella 21 Reputation points
2022-01-17T17:03:37.853+00:00

Hello!

On my DC (Domain Controller) the Policy that enables "Password Complexity" is activated.
But for some unknown reason that i have no idea why it is not working...

When i try to CTRL + ALT + DEL and change a password of any user that belongs to my Active Directory, even if the the password meets the requirements here at this doc: https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements i get the message that says my password does not meet the minimum requirements of Password Complexity...

Yes.

I tried Pass!2022@, pass#2022, Pass2000.

All of them returns the same error! That the passwords does not meet the minimum requirement...

This is looking a lot like a bug to me! Very weird.

Can someone help me?

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,722 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,817 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,717 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Domagoj Novak 586 Reputation points
    2022-01-17T19:05:54.423+00:00

    Hello @Raul Chiarella ,

    can you provide the output of PowerShell command "Get-ADDefaultDomainPasswordPolicy" from your DC?

    Also, out of the three passwords you provided, only 1st one should've worked in the first place since the other two don't meet complexity requirements (missing uppercase; missing special character).

    Kind regards,
    Domagoj


  2. Thameur-BOURBITA 32,496 Reputation points
    2022-01-18T02:22:35.583+00:00

    Hi,

    Check the settings of password policy applied on your account by the following Powershell commands :

    This command let you check the settings of default password policy :
    Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser

    or
    This command let you check the settings of password policy in case of a FGPP is applied on your account :
    Get-ADUserResultantPasswordPolicy -identity UserName

    Please don't forget to mark helpful reply as answer

    0 comments No comments

  3. Limitless Technology 39,336 Reputation points
    2022-01-18T08:56:24.627+00:00

    Hello RaulChiarella

    There are other factors involved in password complexity and not only the character diversity.

    for example if you run the command NET ACCOUNTS, you will see other factors:

    Force user logoff how long after time expires?:
    Minimum password age (days):
    Maximum password age (days):
    Minimum password length:
    Length of password history maintained:
    Lockout threshold:
    Lockout duration (minutes):
    Lockout observation window (minutes):

    Usually when doing tests the suspect will be the Minimum Password Age, as in you can't change again your password before X days.


    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments