question

BakerJohnRCUSDIFASRDTE-9745 avatar image
0 Votes"
BakerJohnRCUSDIFASRDTE-9745 asked DannyTuen-6308 answered

GPO password minimum length limited to 14 characters

I've dug through threads where this question has been asked before but found no answers to this question.

We have a Windows 2016 domain running with an extensive set of group policies.
The domain controllers are running Windows Server 2016 Version 1607 (OS Build 14393.4651) and are updated to the latest patch levels.
When I attempt to edit a GPO for restricted accounts as required by corporate measure plans, the minimum password length is limited to 14 characters. The measure plan requires 15 or more.

Powershell shows the following
PS C:\Users\adminXXXXX> Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion
DistinguishedName : CN=Schema,CN=Configuration,DC=aaaaa,DC=bbbbb,DC=ccc
Name : Schema
ObjectClass : dMD
ObjectGUID : e450e53f-24cc-47c0-956f-d1d1f53d381d
objectVersion : 87

I updated the schema to Server 2019

I mounted a Server 2019 ISO and executed F:\support\adprep>adprep /forestprep
which reported
Current Schema Version is 87

Upgrading schema to version 88

Verifying file signature
Connecting to "DC01.xxxx.net"
Logging in as current user using SSPI
Importing directory from file "F:\support\adprep\sch88.ldf"
Loading entries........
7 entries modified successfully.

The command has completed successfully
Connecting to "DC01.xxxx.net"
Logging in as current user using SSPI
Importing directory from file "F:\support\adprep\PAS.ldf"
Loading entries....................
26 entries modified successfully.

The command has completed successfully
Adprep successfully updated the forest-wide information.

I then executed adprep /domainprep
Which reported
Adprep successfully updated the domain-wide information.


PS C:\Users\adminbakejx> Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion
DistinguishedName : CN=Schema,CN=Configuration,DC=jocy,DC=siemens,DC=net
Name : Schema
ObjectClass : dMD
ObjectGUID : e450e53f-24cc-47c0-956f-d1d1f53d381d
objectVersion : 88

I am at a loss as to how to get the GPO set to more than 14 characters.

windows-active-directorywindows-group-policy
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello John,

I think you are missing the new policies after Windows version 2004 which introduces a new Group Policy setting that allows you to configure the minimum password length to a value greater than 14.

But to let the new settings apply to workstations, we need to activate the Relax minimum password length limits setting, which was added with Windows 10 2004, the Group Policy Management Editor allows up to 128 characters.

Hope this helps in your case,
Regards,




--If the the reply is helpful, please Upvote and Accept as answer--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BakerJohnRCUSDIFASRDTE-9745 avatar image
0 Votes"
BakerJohnRCUSDIFASRDTE-9745 answered

I am certainly missing new policies. The underlying question is how to get them updated at the domain level.
This policy may comer into play with some of our Windows 10 workstations and VMs, it is the 2016 and 2019 servers that need to recognize it though.


134239-image.png



image.png (67.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CampbellScottCRAB-3426 avatar image
0 Votes"
CampbellScottCRAB-3426 answered CampbellScottCRAB-3426 published

I have this exact same problem and was really excited when i found this thread. Too bad it doesn't have an answer.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DannyTuen-6308 avatar image
0 Votes"
DannyTuen-6308 answered
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.