A password policy can only be set in the default domain policy, so this is
the only place you need look. How many DC's have you got? If you have more
than one then have you got any block inheritance or no override setting set
in your default domain controller policy? If so remove them. I suffered
from a similar problem, and found the cause to be a no override setting on
my default domain controller OU. Everytime I changed the password policy
settings in the default domain GP it changed itself back again! This drove
me nuts for ages, until I found the cause was the no override setting on the
default domain controllers OU. There is mention of this behaviour in a
knowledgebase article somewhere.
> Hello all,
> I was experimenting with "Default Domain Policy" and I
> have imported "securedc" policy to "Security Settings".
> After that I've imported "basicdc" and while importing
> I've checked the "Clear this database before importing"
> option. Even though, the "Password Policy" is still acting
> as "securedc", not as "basicdc". It keeps me asking for
> complex, minimum 8 character passwords while creating a
> new user. This is driving me crazy, I haven't defined
> any "Password Policy" options in "Default Domain
> Policy", "Default Domain Controller Policy" or in my own
> Group Policy for my users, so where the hell are these
> password restrictions coming from?
> Thanks in advance