Problem changing AD password

  • #366808
    dosser
    Participant

    When I go into system preferences to change a user’s password I get the following error:

    You cannot change your password to the password you entered.

    and then some more text telling me to see my administrator about complexity blah, blah…..

    The password I tried to set uses 8 total characters including one cap and one number – doesn’t work. However, if I simply put in 9 x’s it will work. On the AD DC – the security policy is set only to require a minimum length of 4 characters and complexity requirement is disabled. Any idea where the Mac is picking up that it needs more than 8 characters?

    Also if I set the flag to change on next login on the AD DC, it tries to do so on the Mac, but I get the shake when I enter the new password and verify – could this simply be the same problem? It does not seem to be as when I enter the 9 x’s it will not let me in….

    Thanks,
    Matt

    #369917
    SidNitzerglobin
    Participant

    I have largely the same problem. I have only been able to successfully change AD passwords from an OS X 10.4.10 client using the AD plugin by manually setting the “User must change password at next logon” checkbox in the properties of the account within ADUC and logging into the domain from the OS X system login screen. All other methods (System Preferences\Accounts\Change Password, Connect to Server\Options\Change Password, etc.) give me a “You cannot change password, does not meet complexity requirements” message even though the new password meets and exceeds our complexity policy.

    Really wish I could figure out a fix for this…

    #372770
    mlinde
    Participant

    I’ve been looking for this post!

    I am experiencing the same problem, but only with portable systems. None of my desktops. I can verify AD connectivity (dsconfigad -show) but user/account information is not synchronizing (id domain/user). If I use id, I get the local cached information but nothing from the domain. If I unbind and rebind, it works.

    However, that’s not a viable solution, since our password policy has a 120 day expiration, and portable users aren’t always in the office when their password expires.

    What gives, and how do I fix it?

    #373640
    mlinde
    Participant

    -bump-

    Before I open yet another support ticket with Apple, I’m wondering if anyone here knows how/why this happens. I verified it again today when I returned from vacation. Plugged my system into the network, verified connectivity to the AD server, fired up terminal, and checked system settings via dsconfigad.

    However, when attempting to verify actual connectivity and data transfer between the MacBook Pro and the AD server (with id domain\\username) it does not recognize the user. I have to unbind and rebind AD to have the id command work, and the system actually tie back into the domain.

    I’ve seen this with multiple systems now, and my work-around works, but it shows a failure somehow/somewhere, and I’d rather fix the problem than work around it every time.

    Any suggestions?
