Password rotation

[luke]

Hi All,

I recently moved all domain users over to password rotation over 90
days. What is happening now is that the date comes up for the user to
change, they are presented with a login screen with 3 fields - old
password - new - confirm new. They place their old password in - and
make up and confirm a new one (not the same password). Yet a message
is returned saying something like the password must exceed 8
characters and an old one cannot be used again. Yet they are using a
completley new password which is well over 8 characters long.

This is the domain security policy

Enforce PassWord History: 5 passwords remembered.
Max password age: 90 days.
Min password age: 1 day.
Min password length: 8 Characters.
Pssword must meet complexity: Disabled.
Store Pssword using reverse encrypt: Disabled.

Can't seem to figure this. Anyone got any ideas???

Regards,

Luke

 

[Hindy]

Closest I can find is:
http://support.microsoft.com/default.aspx?scid=kb;en-
us;273004
but looking at your settings, it doesn't look like this
will be relevant.

Other possibilities could be if you have 'Block Policy
Inheritance' set on the Domain Controllers OU, or you
have a conflicting password policy set on the DC's OU
(even though best practice is set at domain level,
password policies set here will still take effect).

Maybe try a password that would meet complexity
requirements to see if something has gone wrong there (at
least 3 of lowercase, uppercase, numbers, punctuation
characters).

Can a user change their password successfully before it
expires?

Try those for now while I see if I can find anything else.

 

[Miha Pihler]

In this case you can set remember e.g. last 99 passwords .