Cannot disable password complexity or reduce password length below 8 characters! Help!


  • Hi folks,

    I've got a problem that's really driving me up the wall. I have a single 2008R2 DC. I have the default domain policy and the default domain controllers policy GPOs. That's it. The domain controllers policy has no password settings.

    Here's how my group policy is set up (default domain policy)

    However, my domain appears to be stuck on 8 characters with complexity enabled. After reboot, after gpupdate. DCdiag has NO errors. The event log picks up the change and says it was successfully applied. Get this - I can increase password length to 9 characters and that works! I can reset it back to 8 characters, and that works. But if I set it to less than 8 or disable complexity, these changes do not work. The only thing I've done recently is to install MessageOps (Kaseya) password sync to sync passwords to Office365. I can't imagine 3rd party software would interfere with GPOs though?




    Sunday, March 1, 2015 9:05 PM


  • Ok, fixed it. Despite MessageOps / Kaseya's documentation clearly stating that their password sync tool does not enforce complex passwords, after an email exchange with their tech support, they admitted that earlier versions DID enforce complexity. I uninstalled their password sync server and client (both on the same DC) and rebooted. I was then able to install Dirsync.
    • Marked as answer by Jude Sudbury Friday, March 6, 2015 6:17 PM
    Friday, March 6, 2015 6:17 PM

All replies