RE : [ActiveDir] Unable to log you on because if an account restriction

Wed, 18 May 2005 11:02:00 -0700

Title: Re: [ActiveDir] Unable to log you on because if an account restriction
Hello ;-)
 
On AD 2003 Forest, password complexity is an obligation for all users login into your newly created domain, those who have not passord complexity are subjects to password restricions.
 
The account who is responsible for installing the first DC in domain (administrator by default) is not concerned about this restriction, but only next users.
 
Try to desactivate this restriction :
1)Navigate to- Computer Configuration->Windows Settings->Security Settings->Account Policies -> Password Policies
2)Double Click “Password Must meet complexity requirements“ -> Check “Define this policy setting “ -> “ Disable “ -> “Apply” -> OK
3) Select -> “Minimum Password Length “ -> Double Click
4) Check “Define this policy setting” -> “Password must be at least = 1” -> Apply - > OK
5) reboot your DC and allow replication of all your DCs to take place.
 
Regards,

Yann TIROA


De: [EMAIL PROTECTED] de la part de Mark Parris
Date: mer. 18/05/2005 18:30
À: ActiveDir@mail.activedir.org
Objet : Re: [ActiveDir] Unable to log you on because if an account restriction

I have already done that,

And no joy.

Regards

Mark
-----Original Message-----
From: "Rick Kingslan" <[EMAIL PROTECTED]>
Date: Wed, 18 May 2005 09:36:02
To:<ActiveDir@mail.activedir.org>
Subject: RE: [ActiveDir] Unable to log you on because if an account restriction

Mark,

This may be a bit bizarre, but are you certain that when you restored the
DCs that the passwords of the accounts went with them?  I'm not certain why
this might have occurred, but remember that there is an account restriction
that would apply that REQUIRES a password for all principals.  And, at the
moment I'm not sure that it applies to the Administrator account but I would
think that it does.  You are using the administrator acount and a password,
yes?

So, what I'd suggest is to go in as the Admin, and reset the password of a
another user and have that user try and log in.

Let us know how that works.

-rtk

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Mark Parris
Sent: Wednesday, May 18, 2005 6:15 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Unable to log you on because if an account restriction

Dear all,

I have just performed a disaster recovery of our Windows Server 2003 forest
and I am now receiving the message "Unable to log you on because if an
account restriction" when I try to logon with any account apart from the
administrator account.

I have a two domain forest X.com and child.x.com

When the DC's were first restored and were not communicating with
Each other I could logon using any account, now that the DC's are talking
and replicating I cannot, now only the administrator account works.

I have ensured the GPO's are set correctly, I can see nothing obvious in the
event logs so now it's time to ask my peers if they have experienced any
such issues.

I have restored many forests in DR situations and never experienced this
issue beforer.


Thanks in advance.

Mark
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to