I'm using federated identity for Office-365 single sign-on. I have added the password change endpoint to my ADFS 3.0 server, and successfully opened the adfs update password page. However, whenever I try to update the password I get the error above. I made sure of the following:
1- I made my password too complex, containing capital, small, number and non-alphanumeric character
2- I waited for 1 hour as I found that the minimum age for the password is 1 hour in the ADSI Editor
I opened Group Policy Management–> expanded my domain name –> Domain Controllers –> Default Domain Controllers Policy –> Right-Click Edit –> navigated to Password Policy. I found that all the Policy settings are set to "Not Defined".
I opened my ADFS server and opened Local Group Policy Editor –> navigated to Password Policy and the settings are as follows:
I made sure that my password complies with these settings:
When this policy setting is enabled, users must create strong
passwords to meet the following minimum requirements:Passwords cannot contain the user's account name or parts of the
user's full name that exceed two consecutive characters.Passwords must be at least six characters in length.
Passwords must contain characters from three of the following four
categories:English uppercase characters (A through Z).
English lowercase characters (a through z).
Non-alphabetic characters (for example, !, $, #, %).
What could be wrong that I can't update the password through the ADFS password change page?
Best Answer
Although I change the minimum password age in the password policy but I still had to change the minimum password age to 0:00:00 in the ADSI Editor for the DC i'm in.
@JimB and @Craig620, your help is greatly appreciated.