I have a fairly simple LAN with a few dozen users. 3 DCs all replicating OK, all on Windows Server 2016.
When anyone tries to change their own password with Crtl+Alt+Delete, it won't work. Always comes back with
Unable to update the password. The value provided for the new password
does not meet the length, complexity, or history requirements of the
domain
If I set the same user up to force them to change password on the next login, they can – to the same password they were trying when they got the error above.
The password that I was trying for a test user was completely new. The error doesn't seem to make sense.
The group policy is set to NOT need complex passwords (while I am getting to the bottom of this), require 9 chars minimum, and in account lockout set to duration 0, threshold 5 and counter 15 mins.
I ran the Group Policy wizard on a user/PC that I just tested on, and it seems to be applying the default domain policy with the settings I just listed above.
Any idea where I can go with this now?
Best Answer
What OS on the user workstations? Doesn't sound like the DC's are updating timely. I'd try powering down the 2nd & 3rd DC and power cycle the workstation to get a clean login and then try again. This will let you know that you are logged in on the domain and then you can validate that it works. Then you can power up the 2nd DC and log out and back in and retest.