Account passwords in AD
The background is as follows:
A domain. A 2008 R2 server came up as the first domain controller and ran along merrily. Later, to help it and for safety, a 2012 server was brought up alongside it and successfully began replicating policies and users from the first controller.
dcdiag on both DCs doesn't show any errors. There are no errors in the logs either.
On the first DC, the password requirements have been corrected: store 0 passwords, the minimum password length is 3 characters, special characters are disabled, minimum and maximum periods are disabled, encryption is disabled.
I can get a user from a snap-in or a script with a password of any complexity.
When a user tries to change the password from the machine, we get an error that the password does not meet the requirements set in the domain.
I changed the requirements in the Default Domain Policy in the Security-Accounts-Passwords section (I don’t remember exactly now, but the place is the same.)
There is a suspicion that users cannot change their password if they were authorized (%logonserver%) by the second DC.
In which direction can you dig?
Check the domain policy, for starters. Maybe the 2012 server is not aware of this policy? For example, the domain policy is set to some OU, and the domain controller is located somewhere else.
In the GPM (Group Policy Management) snap-in, right-click on the domain, change the domain controller there and see... maybe not everything is replicated? :)
Toward RSoP.
Check which password policies are in the Default Domain Controllers Policy.
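
The checks suggested in the answers above (compare what each domain controller holds, and look at both default GPOs) can be scripted. The PowerShell below is an added example, not part of the original thread; it assumes the RSAT ActiveDirectory and GroupPolicy modules and an account that can read from every DC.

```powershell
# Added example: compare the password policy each DC holds and the
# version of the two default GPOs on every DC (directory vs. SYSVOL).
Import-Module ActiveDirectory, GroupPolicy

# Well-known GUIDs of the default GPOs; they are the same in every domain.
$gpos = @{
    'Default Domain Policy'             = '31B2F340-016D-11D2-945F-00C04FB984F9'
    'Default Domain Controllers Policy' = '6AC1786C-016F-11D2-945F-00C04FB984F9'
}
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

# 1. Password settings stored on the domain object, read from each DC's replica.
$policy = foreach ($dc in $dcs) {
    Get-ADDefaultDomainPasswordPolicy -Server $dc |
        Select-Object @{n = 'DC'; e = { $dc }}, MinPasswordLength, ComplexityEnabled,
            PasswordHistoryCount, MinPasswordAge, MaxPasswordAge,
            ReversibleEncryptionEnabled
}
$policy | Format-Table -AutoSize

# 2. GPO computer-side version as each DC sees it in AD (DS) and in SYSVOL.
#    Password settings live in the computer half of the GPO.
$versions = foreach ($dc in $dcs) {
    foreach ($name in $gpos.Keys) {
        $g = Get-GPO -Guid $gpos[$name] -Server $dc
        [pscustomobject]@{
            DC     = $dc
            GPO    = $name
            DS     = $g.Computer.DSVersion
            Sysvol = $g.Computer.SysvolVersion
        }
    }
}
$versions | Sort-Object GPO, DC | Format-Table -AutoSize

# 3. Flag disagreement between DCs.
$variants = $policy | Group-Object MinPasswordLength, ComplexityEnabled, PasswordHistoryCount
if (@($variants).Count -gt 1) {
    Write-Warning 'Domain controllers report different password settings.'
}
$versions | Group-Object GPO | ForEach-Object {
    $distinct = $_.Group | ForEach-Object { $_.DS; $_.Sysvol } | Sort-Object -Unique
    if (@($distinct).Count -gt 1) {
        Write-Warning "$($_.Name): version differs between DCs or between AD and SYSVOL."
    }
}
```

If the settings shown in step 1 still list the old requirements on every DC, the edited policy never took effect at the domain level, which points back at where the GPO is linked rather than at replication.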