Disabling Password Complexity for OU and C# App creating AD accounts


I created a C# app that is creating a series of AD accounts from a database. The issue I am running into is the passwords I am gathering had no complexity requirements, so when I am passing them into our domain I get an error saying “The server is unwilling to process the request”. I traced my code and it's breaking on the password because it is not complex enough for our domain. I then created a GPO for the specific OU that I am creating these accounts in to disable password complexity, and for security I added in my user and the computer that I am running my C# app from.

I am still running into this error where it will change the password on the account I created. Am I missing something, or is there a better way to get around this?

I have included the code I am using in my C# app to create and change the password. The code is correct because it works on accounts that do have a complex enough password. The DC is Server 2012, but I don’t think that matters.

    // Requires: using System.DirectoryServices;
    // Creates the user
    string cnUser = acctNumber + "_" + userName;
    DirectoryEntry newUser = dirEntry.Children.Add("CN=" + cnUser, "user");
    newUser.Properties["samAccountName"].Value = cnUser;
    newUser.Properties["userPrincipalName"].Value = cnUser;
    newUser.Properties["pwdLastSet"].Value = 0;
    newUser.CommitChanges();

    // Changes the password (this is the call the domain password policy rejects)
    String passwrd = userPassword.ToString();
    newUser.Invoke("SetPassword", new object[] { passwrd });
    newUser.CommitChanges();

    // Sets the user account to change its password on the next login
    newUser.Properties["pwdLastSet"].Value = 0;
    newUser.CommitChanges();

Solution:

You may only define one password policy via GPO for the entire domain.

You may then set fine-grained password policies; however, be aware that you do not apply fine-grained password policies to OUs as you do with GPOs. Rather, you apply them to users and groups.

http://technet.microsoft.com/en-us/library/cc770394(v=WS.10).aspx
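The following is an added example, not part of the original answer, showing a fine-grained password policy (PSO) scoped to a group instead of an OU, a check that it is the policy in effect for an account before the app calls `SetPassword`, and removal of the exception once the user has changed the password. It assumes the ActiveDirectory PowerShell module, rights to create PSOs, and a domain functional level that supports them; the group name, PSO name, OU path and policy values are hypothetical.

```powershell
# Added example. All names, paths and values below are hypothetical placeholders.
Import-Module ActiveDirectory

$groupName = 'Imported-Legacy-Passwords'       # hypothetical global security group
$psoName   = 'PSO-Imported-Legacy-Passwords'   # hypothetical PSO name
$ouPath    = 'OU=Imported,DC=example,DC=com'   # placeholder for the OU the app writes to

# PSOs link to users and global security groups, never to OUs.
if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
    New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security -Path $ouPath
}

# Relax complexity only; keep length, history and lockout so the exception stays narrow.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'")) {
    New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
        -ComplexityEnabled $false -ReversibleEncryptionEnabled $false `
        -MinPasswordLength 8 -PasswordHistoryCount 24 `
        -MinPasswordAge '0.00:00:00' -MaxPasswordAge '42.00:00:00' `
        -LockoutThreshold 5 -LockoutDuration '0.00:30:00' `
        -LockoutObservationWindow '0.00:30:00' -ProtectedFromAccidentalDeletion $true
    Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $groupName
}

# Run for each account after the app's first CommitChanges() and before SetPassword.
# Returns $true only when the relaxed PSO is the policy in effect for that account.
function Enable-LegacyPasswordImport {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $isMember = Get-ADGroupMember -Identity $groupName |
        Where-Object { $_.SamAccountName -eq $SamAccountName }
    if (-not $isMember) {
        Add-ADGroupMember -Identity $groupName -Members $SamAccountName
    }
    # $null here means no PSO applies and the domain-wide policy is still in force.
    $effective = Get-ADUserResultantPasswordPolicy -Identity $SamAccountName
    return [bool]($effective -and $effective.Name -eq $psoName)
}

# Run on a schedule: pwdLastSet is 0 while a change at next logon is still pending,
# so a non-zero value means the user has chosen a new password and the exception can go.
function Remove-CompletedLegacyImports {
    Get-ADGroupMember -Identity $groupName |
        Get-ADUser -Properties pwdLastSet |
        Where-Object { $_.pwdLastSet -ne 0 } |
        ForEach-Object {
            Remove-ADGroupMember -Identity $groupName -Members $_ -Confirm:$false
        }
}
```

Because the app sets `pwdLastSet` back to 0 only after `SetPassword`, schedule the cleanup so it does not run while an import batch is in progress.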
