No matter what I'm trying to throw at it, this method here always results in the following exception:
var retVal = this.DirectoryEntry.Invoke("ChangePassword", new object[] { oldPassword, newPassword }) == null;
InnerException = {"The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements. (Exception from HRESULT: 0x800708C5)"}
I naturally checked domain default policy (none found in my test domain), OU Group policy (none exists) and can not find anything that could govern the password policy, yet no matter how long or complex the password I supply into the function is, it results in the same exception. Now the most interesting part Is when I do the same (for the same DirectoryEntity object and the same password) by calling this:
var retVal = this.DirectoryEntry.Invoke("SetPassword", new object[] { newPassword }) == null;
The last call succeeds w/o any issues.
There are a number of group policies going to affect the password complexity. Most of them are turned on by default after you installed Active Directory. If you have never touched them after you setup your test domain, very likely, those password policies are still in place.
This is what my test domain default domain security settings look like. If you didn't change it before, it should look similar.
You can find detail descriptions on each of the policies on MSDN. I will just include a summary and a link here.
All the above settings can be the cause of your 0x800708C5 error. In particular, I guess it's the "minimum password age" password policy causing you trouble. It's by default set to 1 day. If your test account is a new user account created just now, you may not change your password in the same day.
So now, you may think that in your test environment, you should disable all these password policies for development purpose. I won't recommend simply make all the polices undefined by unchecking the checkbox in the property pages. I would recommend the following setttings.
One final step you need to do is to populate the group policy to your machine again. Remember, the group policy is the settings stored on Active Directory. The machine group policies are applied at the machine bootup time while the user group policies are applied at the user logon time. Password policies are one of those machine policies. So, you can either reboot your computer now or you can go to command prompt and run gpupdate
.
I hope I didn't miss any important information. Let me know if it still doesn't work :)
I don't have a direct answer but there is another similar question here: https://stackoverflow.com/questions/2517262
Be careful with SetPassword as it will destroy private user crypto keys: http://msmvps.com/blogs/alunj/archive/2006/11/07/ChangePassword-versus-SetPassword.aspx
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With