Cannot Enable the Disabled Active Directory User Accounts Created Using Management Agent (282224)



The information in this article applies to:

  • Microsoft Windows 2000 Advanced Server
  • Microsoft Metadirectory Services 2.2

This article was previously published under Q282224

SYMPTOMS

You created disabled accounts using the Active Directory Management Agent (MA). When you attempt to enable these accounts, you may receive the following error message:
Windows cannot Enable Object Userx because:
Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirement for the domain.

CAUSE

This behavior can occur because a password policy has been set on the domain and the password assigned to the user does not meet this requirement.

RESOLUTION

To resolve this behavior, you must either reset the password to meet the requirement or change the password policy to a less stringent requirement. Select either of the following methods to resolve this behavior:

Steps to Reset the Password

  1. Start the Active Directory Users and Computers administrative tool.
  2. Select a user account under the domain and the container where the user is located.
  3. Right-click on the user and select the option to reset the password.
  4. Type a password that complies with your security policy. If the Password Complexity feature is enabled, you need to have one capital letter and a number included in the password. The Password History or the Length Requirements features may also cause the preceding error message.
  5. Confirm the password and click OK to close the dialog box.
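
The requirements in step 4 can be checked before accounts are created, so that initial passwords which would produce the error above are caught ahead of time. The following Python code is an added example, not part of the original article or of any Microsoft tool; the policy values, account names, and passwords are constructed. It models only the minimum length and the Windows complexity filter (characters from three of four classes: uppercase, lowercase, digits, non-alphanumeric; must not contain the account name) and does not model password history.

```python
import string
from dataclasses import dataclass


@dataclass
class PasswordPolicy:
    # Assumed values for this example; read the real ones from
    # Default Domain Policy > Account Policies > Password Policy.
    min_length: int = 7
    complexity_enabled: bool = True


def policy_violations(account_name, password, policy):
    """Return which requirements ('length', 'complexity') the password fails."""
    failed = []
    if len(password) < policy.min_length:
        failed.append("length")
    if policy.complexity_enabled:
        classes = [
            any(c in string.ascii_uppercase for c in password),
            any(c in string.ascii_lowercase for c in password),
            any(c in string.digits for c in password),
            any(not c.isalnum() for c in password),
        ]
        # Simplification: only the whole account name is checked, and only
        # when it is at least three characters long.
        has_name = (len(account_name) >= 3
                    and account_name.lower() in password.lower())
        if sum(classes) < 3 or has_name:
            failed.append("complexity")
    return failed


def accounts_that_will_not_enable(pending, policy):
    """Map each account whose password fails the policy to its failures."""
    report = {}
    for account_name, password in pending:
        failed = policy_violations(account_name, password, policy)
        if failed:
            report[account_name] = failed
    return report


# Constructed sample: (account name, initial password assigned at creation).
PENDING = [("Userx", "password"), ("Usery", "Winter2001x"),
           ("Userz", "Ab1!"), ("jsmith", "Jsmith2001!")]

if __name__ == "__main__":
    for name, why in accounts_that_will_not_enable(PENDING, PasswordPolicy()).items():
        print(f"{name}: fails {', '.join(why)}")
```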

Steps to Verify and Change the Domain Security Settings for Passwords

  1. Open the Active Directory Users and Computers management console.
  2. Right-click the name of the domain and click Properties.
  3. Click the Group Policy tab.
  4. Click Default Domain Policy.
  5. Click Edit to open the Group Policy Editor.

    NOTE: Security policies can only be applied at the domain level.
  6. Expand Computer Configuration.
  7. Click Windows Settings.
  8. Click Security Settings.
  9. Click Account Policies.
  10. Click Password Policy.
  11. Check the settings of the Minimum Password Length, Password History, and Password Complexity features.
  12. To view the settings and to change them, double-click on each policy.
  13. Click OK to close the Security Policy setting.
  14. Close Group Policy Editor.
  15. Close the Active Directory Users and Computers management console.
  16. To update the policy setting, see the next section, "Steps to Refresh the Machine Policy on a Domain Controller".

MORE INFORMATION

Steps to Refresh the Machine Policy on a Domain Controller

  1. Open a command prompt at the domain controller.
  2. Type: secedit /refreshpolicy machine_policy /enforce
  3. The following message should be displayed: "Group policy propagation from the domain has been initiated for this computer. It may take a few minutes for the propagation to complete and the new policy to take effect. Please check Application Log for errors, if any."

Modification Type: Minor
Last Reviewed: 1/25/2006
Keywords: kbenv kbprb KB282224