Change password for users with blank password: Error

Giganews Newsgroups
Subject: Change password for users with blank password: Error
Posted by:  Gross, Michael (michael.gro…@mdm.de)
Date: Thu, 05 Jun 2008

Hi,

we've got several users in our AD (2003) who have blank passwords (because
of historical reasons). We're now planning to implement a password policy
so that all users need to have a password with at least 8 characters.

For testing purposes I've created the following password policy in my test
AD (in the domain group policy object):

  Enforce password history                    0 passwords remembered
  Maximum password age                        0
  Minimum password age                        0 days
  Minimum password lenght                      8 characters
  Password must meet complexity requirements  Disabled
  Store passwords using reversible encryption  Disabled

After performing a gpupdate / force on the DC I tried to set the option

  User must change password at next logon

for the users that have a blank password. Unfortunately this does not
seem to work as I am receiving the following message:

  The following Active Directory error occured: Unable to update
  the password. The value provided for the new password does not
  meet the length, complexity, or history requirement of the
  domain.

This message does not appear for users who already have a password.

I actually don't understand the message "Unable to update password"
as I don't update password but only want to set the option that the
user needs to change it!

Do you know what might be wrong here? I'm looking for a way to force
a password change for all users with blank passwords that meets the
new password policy.

Any suggestions are highly appreciated.

Thanks
Michael

Replies