AD allows 127 characters. I have (progmatically) set passwords up to this
length. Win9x were limited to 14 IIRC. Some people may have incorrectly
assumed that the AD limit is based on the length of the password field in
the interactive dialog box which is something like 28 characters or so,
but scrolls when that size is exceeded. That may explain the erroneous
documentation. Try setting a password to something straightforward for
testing like A1aaaaaaaaaaaaaaaaaa and verify if it's a length issue or
something else.

Brian

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of dgonzalez.itpro (at) gmail (dot) com [email concealed]
Sent: Tuesday, May 19, 2009 11:32 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: AD Password complexity - passwords too long?

Hello list,

We have password complexities set on our domain; minimum password length
is 8 and all XP users and Windows 2003 servers.

I can set my password to 9-10 characters, but if I try to set it for 10+
characters, they get the error message that they do not meet the
complexity requirements.

I have searched Microsoft documentation, and find minimum length
requirements. I think I saw something about 28 characters, and even 127
characters.

Does anyone know if there is a max password length?

We would like to keep the minimum 8 characters, and the maximum varied at
the users discretion. Can this be done?

Thanks

[ reply ]