Users cannot change password does not accept new password. RRS feed

  • Вопрос

  • Hello I have a couple of users who are on Windows 7 Ultimate that are attached to our Windows 2003 domain.

    I am having trouble when their passwords expire or just when they try to change their password, when they log in they receive the normal your password has expired or is about to expire, so they try and change it and they get an error that the new password does not meet minimum requirements.

    Now I know for certain that the new password they are trying meets our domains minimum requirements, so is there a setting in WOndows 7 that needs changing locally?
    5 ноября 2009 г. 15:30

Все ответы

  • Thanks for your reply.

    The first KB article shows the error I am getting but I know that users are definitely meeting the requirements.

    Also Windows 7 is not on the list of affected OS'
    6 ноября 2009 г. 9:24
  • Hi Dean132,

    Could you please create a new Test OU on the server without Group Policy and put Windows 7 computers in this new OU?

    We can check whether the computers are affected by Domain policy or not.

    Hope it helps.

    9 ноября 2009 г. 6:41
  • I'm having a similar problem. I've got a new windows 7 user on a 2003 domain who cannot update his password as it 'doesn't satisfy complexity requirements'.

    I've tested it myself with a password that certainly does satisfy the requirements but receives the same error.

    The computer is in contact with the domain controller and the user isn't locked out.

    Policy is being applied to the computer/user.

    Is this a known issue or is there a fix?

    6 октября 2010 г. 15:39
  • How to Troubleshoot Active Directory Password Policy Settings

    "The password does not meet the password policy requirements. Check the minimum password legth, password complexity and password history requirements."

    One thing that most people forget is that when complexity is enabled, the password cannot contain the user's entire Account Name or entire Full Name. The Account Name and Full Name are parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the Account Name or Full Name are split and all sections are verified not to be included in the password. There is no check for any single character or any three characters in succession.


    Visit:, an IT Knowledge Base.
    6 октября 2010 г. 16:53
  • I am having this issue with a 2008 environment.  I have had to reset the password in AD to give him access and now he cannot change his password.  I have tried myself with extremely long, complex passwords but it will not take it.  Any suggestions?
    2 ноября 2010 г. 17:47
  • I tried logging into a 2003 box and saw that it's error said that the minimum age of the password is 30 days even though the policy is set to 0 days.
    2 ноября 2010 г. 21:29
  • Just FYI, I was having this same issue.  After much wrangling and searching, I found a post that explained you cannot have group policy password policies applied by OU's -- there must be only one password policy applied, and it must be applied at the domain level.


    After I cleaned up my Group Policy so that I only had a single password policy, applied to the root of my domain, my users were able to change their passwords again.


    Hope this helps!


    • Предложено в качестве ответа Peter Grace 16 ноября 2010 г. 14:58
    16 ноября 2010 г. 14:58
  • Hello Peter,

    Just for clarification...It is technically possible to have more than one password policy linked in the domain.  However, when targetting DOMAIN USERS, you can only have ONE domain password policy, and it MUST be linked to the domain object.

    If you have a GPO with Policy settings linked to an OU, the policy is valid, but it will not apply to the user objects stored in that OU.  Password Policies are stored within the Computer Configuration of a GPO.  Therefore, a password policy would be applied to computer objects.  If you link it to an OU, the local accounts defined on the computers within the OU will be affected.

    Now with AD 2008, you can also create Fine Grained Password Policies which supplement the domain password policy and you are able to target users and groups.

    How to Implement an Active Directory Password Policy

    How to Troubleshoot Active Directory Password Policy Settings

    Visit:, an IT Knowledge Base.
    • Предложено в качестве ответа Jimmy Colorado 13 января 2011 г. 17:50
    16 ноября 2010 г. 23:34
  • Password Policies are set on computer objects however, in a domain, passwords are not managed by the local computer but rather by the DOMAIN CONTROLLER and therefore you need change the settings in a policy that will be applied to the DOMAIN CONTROLLERS.

    This worked for me.


    8 марта 2011 г. 14:09
  • @Jimmy,  I am not sure if you understood my last posting based on your response. 

    Let me clarify for the benfit of everyone reading this thread...Password Policies are not really user based policies.  If you look at a GPO, you'll notice that password policies are contained in the computer configuration section.  The GPO containing the password policies, MUST be linked to the domain object level.  Domain Controllers (which are computers) read this policy and apply the settings to domain user objects.

    If you were to apply a GPO containing password policies at the OU level, the computers within the OU will read from this policy, and apply the policy to any local user accounts stored on those systems.

    I hope this helps clarify my posting.


    Visit:, an IT Knowledge Base.
    8 марта 2011 г. 20:27
  • I had the same problem. Looking at the password policy settings it said that the minumum password age was set to 1 day. I just had to wait a day to be able to change my password.

    Kind regards,


    26 июня 2012 г. 11:51
  • Hi I had a similar issues and realised that the SD has not set the flag to force password on first logon but just told the user to reset their password once they succesfully logged on. 

    Security by obsurity strikes again!  If only the message mentioned the violation was actually the minimum password age you would find the root cause instantly.

    The password policy also defines a minimum password age of 30 days.  So if you don't set that flag the user can't change his password for 30 days.