Windows – How to find out the password complexity policy


A user tries to change his/her password in a Windows domain and it's not accepted:

The password supplied does not meet the minimum complexity requirements

How can an end-user find out what the requirements are? (The obvious solution would be to contact IT but let's say it's not possible)

Best Answer

Every AD user can see the value of the attribute named "pwdProperties"; yours is probably set to "DOMAIN_PASSWORD_COMPLEX" (value "1", integer).

AdFind can be used to retrieve many attributes related to passwords:

AdFind.exe -default -s base lockoutduration lockoutthreshold lockoutobservationwindow maxpwdage minpwdage minpwdlength pwdhistorylength pwdproperties

Here is an example of what you'll get:

AdFind V01.45.00cpp Joe Richards (joe@joeware.net) March 2011

Using server: domain.example.org:389 Directory: Windows Server 2008 R2 Base DN: DC=domain,DC=example,DC=org

dn:DC=domain,DC=example,DC=org

lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
maxPwdAge: -344736000000000
minPwdAge: 0
minPwdLength: 7
pwdProperties: 1
pwdHistoryLength: 2

1 Objects returned
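
The raw values above are not self-explanatory: the age and lockout attributes are negative counts of 100-nanosecond intervals, and pwdProperties is a bit mask. The following decoder is an added example, not part of the original answer or of AdFind; the function names are hypothetical, the flag values are the DOMAIN_PASSWORD_* constants from the Windows SDK, and the sample input is the attribute output shown above.

```python
import re
from datetime import timedelta

# pwdProperties bit flags (DOMAIN_PASSWORD_* constants, Windows SDK).
PWD_PROPERTIES = {
    0x01: "DOMAIN_PASSWORD_COMPLEX",
    0x02: "DOMAIN_PASSWORD_NO_ANON_CHANGE",
    0x04: "DOMAIN_PASSWORD_NO_CLEAR_CHANGE",
    0x08: "DOMAIN_LOCKOUT_ADMINS",
    0x10: "DOMAIN_PASSWORD_STORE_CLEARTEXT",
    0x20: "DOMAIN_REFUSE_PASSWORD_CHANGE",
}
# Attributes stored as negative 100-ns interval counts.
INTERVALS = {"lockoutduration", "lockoutobservationwindow", "maxpwdage", "minpwdage"}
NEVER = -(2 ** 63)  # Int64 minimum: "never" sentinel (e.g. passwords never expire)

def to_timedelta(raw):
    """Convert a 100-ns interval count to a timedelta; None means 'never'."""
    if raw == NEVER:
        return None
    return timedelta(microseconds=abs(raw) // 10)

def decode_policy(adfind_output):
    """Parse 'name: integer' lines (optionally '>'-prefixed) and decode them."""
    policy = {}
    for line in adfind_output.splitlines():
        m = re.match(r"^\s*>?(\w+):\s*(-?\d+)\s*$", line)
        if not m:
            continue  # banner, dn: line, object count, blank lines
        name, raw = m.group(1).lower(), int(m.group(2))
        if name in INTERVALS:
            policy[name] = to_timedelta(raw)
        elif name == "pwdproperties":
            policy[name] = [f for bit, f in PWD_PROPERTIES.items() if raw & bit]
        else:
            policy[name] = raw  # plain counts: length, history, threshold
    return policy

# Sample input: the attribute lines from the example output on this page.
SAMPLE = """dn:DC=domain,DC=example,DC=org
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
maxPwdAge: -344736000000000
minPwdAge: 0
minPwdLength: 7
pwdProperties: 1
pwdHistoryLength: 2
1 Objects returned"""

if __name__ == "__main__":
    for key, value in decode_policy(SAMPLE).items():
        print(f"{key}: {value}")
```

For the output above this gives a maximum password age of 399 days, a 30-minute lockout duration and observation window, and complexity enforcement as the only pwdProperties flag set.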

