Featured image

I recently ran into an issue where I couldn’t change the password of an account in AD from one of the Domain Controllers. I realised it’s because it has a different Group Policy than other computers.

  1. Open Group Policy Management (gpmc.msc).
  2. Expand your forest, expand the Domains container, expand your domain, and then right click on the Domain Controllers container.
  3. Pick “Create a GPO in this domain, and Link it here…”.
  4. Pick a name for your GPO (e.g. “Disable Password Complexity Rules”) and click OK.
AD-DC-Password-Complexity-GPO-1
Note from future self: Why did you make these images like this.
  1. Expand the Domain Controllers container, right click on your new policy, and pick “Edit…”.
  2. Navigate through Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies.
  3. Open the policy named “Password must meet complexity requirements” and set it to Disabled. AD-DC-Password-Complexity-GPO-2

The policy is now set, and all you need to do is run gpupdate, so open cmd and do that. It can take a few seconds.

AD-DC-Password-Complexity-GPO-3

Once gpupdate has completed, you’re all set.


I always welcome feedback on my posts, please contact me if you have any. I’m also happy to answer any related questions if I know the answer.