Active Directory
Ingtar, 2012-12-10 08:19:43

Account passwords in AD

Background:
A domain. A 2008 R2 server was brought up as the first domain controller and hummed along happily. Then, for help and safety, a 2012 server was brought up alongside it and successfully began replicating policies and users from the first controller.
dcdiag on both DCs doesn't show any errors. There are no errors in the logs either.
On the first DC, the password requirements have been changed: store 0 passwords, the minimum password length is 3 characters, special characters are disabled, minimum and maximum periods are disabled, encryption is disabled.
I can create a user from a snap-in or a script with a password of any complexity.
When a user tries to change the password from their machine, we get an error that the password does not meet the requirements set in the domain.
I changed the requirements in the Default Domain Policy, in the Security-Accounts-Passwords section (I don't remember the exact path now, but that is the place).
I suspect that users cannot change their password if they were authorized (%logonserver%) by the second DC.
Which direction should I dig in?


3 answer(s)
Roman, 2012-12-10
@WarP

Check the domain policy, for starters. Maybe the 2012 server is not aware of this policy? For example, the domain policy is set to some OU, and the domain controller is located somewhere else.
In the GPM (Group Policy Management) snap-in, right-click on the domain, change the domain controller there and see... maybe not everything has replicated? :)

amc, 2012-12-10
@amc

Toward RSoP.
Check which password policies are in the Default Domain Controllers Policy.

Ingtar, 2012-12-12
@Ingtar

I set all the parameters in DDP for passwords to "Not set" and managed to change the password. Hooray!
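
The checks suggested in the answers above (compare what each domain controller holds, and see which of the two default GPOs carry password settings) can be scripted. This is an added example, not part of the original thread; it is read-only and assumes the RSAT ActiveDirectory and GroupPolicy modules and read access to each DC's SYSVOL share.

```powershell
# Added example: read-only comparison of password policy as each DC sees it.
# Assumes RSAT ActiveDirectory + GroupPolicy modules and read access to SYSVOL.
Import-Module ActiveDirectory, GroupPolicy

$gpoNames = 'Default Domain Policy', 'Default Domain Controllers Policy'
$fields   = 'MinPasswordLength', 'PasswordHistoryCount', 'ComplexityEnabled',
            'MinPasswordAge', 'MaxPasswordAge', 'ReversibleEncryptionEnabled'
# Password keys in the [System Access] section of a GPO's GptTmpl.inf
$keys = '^\s*(MinimumPasswordLength|PasswordHistorySize|PasswordComplexity|' +
        'MinimumPasswordAge|MaximumPasswordAge|ClearTextPassword)\s*='

$dcs = @(Get-ADDomainController -Filter *)

# 1. Effective domain password policy in the directory copy held by each DC
$effective = foreach ($dc in $dcs) {
    Get-ADDefaultDomainPasswordPolicy -Server $dc.HostName |
        Select-Object -Property (@(@{ n = 'DC'; e = { $dc.HostName } }) + $fields)
}
$effective | Format-Table -AutoSize

# Warn about any field whose value differs between controllers
foreach ($f in $fields) {
    $values = @($effective | ForEach-Object { "$($_.$f)" } | Sort-Object -Unique)
    if ($values.Count -gt 1) {
        Write-Warning "$f differs between DCs: $($values -join ' vs ')"
    }
}

# 2. GPO versions and password settings as replicated to each DC's SYSVOL
$gpoState = foreach ($dc in $dcs) {
    foreach ($name in $gpoNames) {
        $gpo = Get-GPO -Name $name -Server $dc.HostName
        $inf = "\\$($dc.HostName)\SYSVOL\$($dc.Domain)\Policies\" +
               "$($gpo.Id.ToString('B'))\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf"
        $set = if (Test-Path $inf) { Get-Content $inf | Where-Object { $_ -match $keys } }
        New-Object PSObject -Property @{
            DC        = $dc.HostName
            GPO       = $name
            ADVersion = $gpo.Computer.DSVersion       # version stored in AD
            SysvolVer = $gpo.Computer.SysvolVersion   # version stored in SYSVOL
            Passwords = (@($set) -join '; ')          # empty = "Not set" in this GPO
        }
    }
}
$gpoState | Sort-Object GPO, DC |
    Format-Table DC, GPO, ADVersion, SysvolVer, Passwords -AutoSize -Wrap
```

Rows for the same GPO that show different version numbers or different `Passwords` values on the two controllers point at replication; password keys present in more than one GPO show where conflicting requirements are defined.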
