We have seen this issue a couple of times over the last year and I
haven't found a solution online that explains exactly the solution we
found. Maybe I just missed it. So I decided to post it here just in case
it can save someone else an hour of testing.

We see this issue when someone changes their password other than through
the MS password prompt on the workstation, for example when you change
your password through SSPR.

You will see that the password gets changed in all the connected
systems, except AD. When you check the error log you see the following:

[03/09/16 11:49:28.700]:ADdriver :
<nds dtdversion="1.1" ndsversion="8.7">
<product asn1id="" build="20150311_120000"
instance="\PHSIDV\pembroke\services\Pluto Driver Set\Active Directory
Driver" version="">AD</product>
<contact>NetIQ Corporation</contact>
<status event-id="pwd-subscribe" level="error"
<message>Password set failed.</message>
<ldap-err ldap-rc="53"
<client-err ldap-rc="53"
ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To
<server-err>0000052D: SvcErr: DSID-031A120C, problem 5003
<server-err-ex win32-rc="1325"/>

What we found to be happening is that users are including part of their name,
or letters that MS recognizes as part of their name, in the password.

For example a user with the name Tom cannot use Tomato2015. MS will
reject it.

Below is a snippet from the MS manual.

This security setting determines whether passwords must meet
complexity requirements. Complexity requirements are enforced when
passwords are changed or created.

If this policy is enabled, passwords must meet the following minimum
requirements when they are changed or created:

Passwords must not contain the user's entire samAccountName (Account
Name) value or entire displayName (Full Name) value. Both checks are not
case sensitive:

As you can guess, folks with three letter names are by far the most
affected by this.
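To make the failure reproducible before a password ever reaches the AD driver, here is an added example (my own code, not from the original post, NetIQ, or Microsoft) that re-implements the Windows "Password must meet complexity requirements" check and decodes the error codes seen in the trace above. It follows the full Microsoft description of the policy, which the snippet above abridges: the samAccountName is checked whole (skipped if shorter than three characters), the displayName is split on commas, periods, hyphens, underscores, spaces, pound signs and tabs, and every resulting token of three or more characters must not appear in the password, case-insensitively. That tokenising is why a user named Tom cannot use Tomato2015. The account names, the minimum length default and the trace excerpt are constructed for the example.

```python
import re

# Delimiters on which Windows splits displayName before checking tokens.
_DISPLAY_NAME_DELIMITERS = r"[,.\-_ #\t]+"

# Codes visible in the AD driver trace. 0000052D in the server-err is hex for 1325.
LDAP_RC_NAMES = {53: "LDAP_UNWILLING_TO_PERFORM"}
WIN32_RC_NAMES = {1325: "ERROR_PASSWORD_RESTRICTION"}


def display_name_tokens(display_name):
    """Split displayName on the policy delimiters; tokens under 3 chars are ignored."""
    return [t for t in re.split(_DISPLAY_NAME_DELIMITERS, display_name) if len(t) >= 3]


def name_violations(password, sam_account_name, display_name):
    """Return the name parts that appear in the password (case-insensitive)."""
    pw = password.lower()
    hits = []
    # samAccountName is matched in its entirety only, and skipped if shorter than 3 chars.
    if len(sam_account_name) >= 3 and sam_account_name.lower() in pw:
        hits.append(sam_account_name)
    # Each displayName token of 3+ chars is checked; substrings of tokens are not.
    for token in display_name_tokens(display_name):
        if token.lower() in pw:
            hits.append(token)
    return hits


def category_count(password):
    """Count the character categories present (Windows requires 3 of these 5)."""
    upper = any(c.isupper() for c in password)
    lower = any(c.islower() for c in password)
    digit = any(c.isdigit() for c in password)
    symbol = any(not c.isalnum() for c in password)
    # Unicode letters that are neither upper nor lower case (e.g. CJK) form the fifth class.
    other_alpha = any(c.isalpha() and not c.isupper() and not c.islower() for c in password)
    return sum([upper, lower, digit, symbol, other_alpha])


def meets_ad_complexity(password, sam_account_name, display_name, min_length=6):
    """Return (ok, reasons). min_length=6 is the complexity policy's own floor;
    the separate 'Minimum password length' setting is usually higher (assumed)."""
    reasons = []
    if len(password) < min_length:
        reasons.append("shorter than %d characters" % min_length)
    if category_count(password) < 3:
        reasons.append("fewer than 3 character categories")
    for hit in name_violations(password, sam_account_name, display_name):
        reasons.append("contains name token '%s'" % hit)
    return (not reasons, reasons)


def classify_trace_error(trace):
    """Pull ldap-rc / win32-rc out of an IDM AD driver trace excerpt and name them."""
    result = {}
    ldap = re.search(r'ldap-rc="(\d+)"', trace)
    win = re.search(r'win32-rc="(\d+)"', trace)
    if ldap:
        rc = int(ldap.group(1))
        result["ldap_rc"] = rc
        result["ldap_rc_name"] = LDAP_RC_NAMES.get(rc, "unknown")
    if win:
        rc = int(win.group(1))
        result["win32_rc"] = rc
        result["win32_rc_name"] = WIN32_RC_NAMES.get(rc, "unknown")
    # 1325 means the DC rejected the value against domain password policy
    # (complexity, history or length), not that the bind or connection failed.
    result["password_policy_rejection"] = result.get("win32_rc") == 1325
    return result


# Constructed trace excerpt modelled on the one in the post (not a real capture).
SAMPLE_TRACE = """<status event-id="pwd-subscribe" level="error">
<message>Password set failed.</message>
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<server-err>0000052D: SvcErr: DSID-031A120C, problem 5003</server-err>
<server-err-ex win32-rc="1325"/>"""


if __name__ == "__main__":
    # Assumed account: samAccountName "tsmith", displayName "Tom Smith".
    for candidate in ("Tomato2015", "Pluto!Driver9"):
        print(candidate, meets_ad_complexity(candidate, "tsmith", "Tom Smith"))
    print(classify_trace_error(SAMPLE_TRACE))
```

Run it with the user's samAccountName and displayName from AD and the candidate password; if `meets_ad_complexity` reports a name token, SSPR will show the change as successful everywhere except AD, exactly as described above, and the trace will carry win32-rc 1325.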

Hope this helps the next person.


