This issue was simulated in my lab by expiring the Administrator password in order to give a detailed explanation of the root cause and suggest remediations (ways to fix it). The error can happen to anyone, especially when the password is repeated or does not meet the length, complexity, or history requirements as stated below. As a best practice, ensure your default Administrator account is disabled. When not disabled, it can be compromised. Here is a guide on how to synchronize your on-premises AD with Azure Active Directory using the Azure AD Connect tool, and how to use the built-in AAD Connect troubleshooting tool.
Here are some other reasons why this error can be prompted.
- Your given names are part of the password.
- The password was previously used (how far back this check goes, for example 12 or 24 passwords, depends on your password history setting).
- You must have one “Capital” letter and one special character such as $,#,% etc. (Absolutely depends on your Password Policy).
Note: As stated previously, they all depend on your domain-specific policy requirements.
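The checks listed above can be run against a candidate password before attempting the change. The following is an added example, not part of the original post: the function name `Test-CandidatePassword`, the default minimum length and the sample account are assumptions, and the rules follow the built-in Windows "Password must meet complexity requirements" setting with the Unicode-letter class left out. Password history is not checked, because only the domain controller or local SAM holds the previous password hashes.

```powershell
# Added example: lists the reasons a candidate password would be rejected.
# Test-CandidatePassword and its defaults are hypothetical; match them to your policy.
function Test-CandidatePassword {
    param(
        [Parameter(Mandatory)][string]$Password,
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$DisplayName = '',
        [int]$MinLength = 7,               # "Minimum password length" (assumed value)
        [bool]$ComplexityEnabled = $true   # "Password must meet complexity requirements"
    )
    $reasons = [System.Collections.Generic.List[string]]::new()

    if ($Password.Length -lt $MinLength) {
        $reasons.Add("Shorter than the minimum length of $MinLength.")
    }
    if ($ComplexityEnabled) {
        # The account name is checked whole, and only when longer than 2 characters.
        if ($SamAccountName.Length -gt 2 -and
            $Password.IndexOf($SamAccountName, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $reasons.Add("Contains the account name '$SamAccountName'.")
        }
        # The full name is split on delimiters; tokens of 3+ characters are checked.
        foreach ($token in ($DisplayName -split '[,.\-_ #\t]+')) {
            if ($token.Length -ge 3 -and
                $Password.IndexOf($token, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $reasons.Add("Contains part of the full name: '$token'.")
            }
        }
        # At least 3 of these 4 character classes must be present.
        $classes = 0
        if ($Password -cmatch '[A-Z]')        { $classes++ }
        if ($Password -cmatch '[a-z]')        { $classes++ }
        if ($Password -match  '[0-9]')        { $classes++ }
        if ($Password -match  '[^A-Za-z0-9]') { $classes++ }
        if ($classes -lt 3) {
            $reasons.Add("Uses $classes character classes; complexity needs 3.")
        }
    }
    [pscustomobject]@{ Compliant = ($reasons.Count -eq 0); Reasons = $reasons }
}

# Constructed sample input (not a real account or real passwords).
Test-CandidatePassword -Password 'chris2024' -SamAccountName 'cjones' -DisplayName 'Chris Jones'
Test-CandidatePassword -Password 'Tr1cky-Harbor!9' -SamAccountName 'cjones' -DisplayName 'Chris Jones'
```

The first call reports two reasons (part of the full name, and only two character classes); the second returns `Compliant = True`.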
This was fixed by simply changing the password to a value other than the one previously used, in my case. This ensured the previous error was corrected.
For minimum password requirements, kindly see this link. Below are other ways to troubleshoot these issues, if the above steps do not work.
1. Group Policy Management: For Domain managed PCs, this policy can be defined and applied as defined by your organization. To do this, kindly open the Group Policy Management Console and follow the steps below.
– Expand the Computer Management
– Windows Settings
– Security Settings
– Account Policies
– Password Policy and modify the following details as desired. Currently, this is not configured in my lab.
To configure this, simply double-click or right-click on any of the policies
– Select Edit, then enable the policy, and finally
– Click OK.
Note: Finally, ensure the users log off or log in again, or force the Group Policy update using gpupdate /force.
2. Local Group Policy: On your local machine (PC) that is not managed by the domain, simply navigate to the Local Group Policy Editor by following the steps below.
This can be accessed by typing run in the Start menu
– In the run dialog window, type
– This will open up the Local Group Policy Editor.
– Expand the Computer Configuration
– Expand Windows Settings
– Expand Security Settings
– Expand Account Policies and finally
– Click on the Password Policy as shown below
These settings can be modified here as shown above. After modification, you can restart your PC,
log-on or force the group policy using
I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.