When trying to change a password for a Active Directory User within a QAS client. The following message is displayed:
This new password does not meet your domain's password policy requirements, Contact your Administrator for information on the minimum password length,
password complexity, and password history requirements. passwd: Authentication token manipulation error
This error comes straight from Active Directory.
The password policy that is mentioned in that reply is the policy set in Active Directory.
This can be checked by running the Domain Security Policy on your domain controller:
Start | Programs | Administrative Tools | Domain Security Policy
Once this opens, Expand
Account Policies | Password Policy
Here it will show you what is defined. The AD users will have to adhere to these rules.
To check the policy for the QAS client use the vastool info adsecurity command.
Here is an example of the command and the output:
-bash-3.00# /opt/quest/bin/vastool -u administrator info adsecurity
Password for administrator@I.TS.HAL.CA.QSFT:
Password policies for domain i.ts.hal.ca.qsft
Default Domain Password Policy
Enforce password history : 24 passwords remembered
Maximum password age : 42d:0h:0m:0s
Minimum password age : 1d:0h:0m:0s
Minimum password length : 4 characters
Password must meet complexity requirements : FALSE
Store password using reversible encryption : FALSE
Account Lockout Policy:
Account lockout duration : 0d:0h:30m:0s
Account lockout threshold : 2 invalid logon attempts
Reset account lockout counter after : 0d:0h:30m:0s