This is a very tricky error to understand:
Windows Event ID: 16979
Message: The domain is incorrectly configured with a MinimumPasswordLength setting that is greater than 14.NOTE: until this is corrected, the domain will enforce a smaller MinimumPasswordLength setting of 14.
Currently configured MinimumPasswordLength value: 15
For more information see https://go.microsoft.com/fwlink/?LinkId=2097191 .
Previous to Windows 10 2004 it was not readily possible to set a minimum password length requirement in GPO to more than 14 characters. Today however, Microsoft wants everyone to scrap passwords altogether by using other methods of authentication or by requiring “passphrases”.
A passphrase is a longer string of text than a typical long password and passphrases can often exceed the previous maximum “minimum password length”, which is a very good thing.
Here is the catch, if you are using the GPO templates for Windows newer than 2004 (i.e. April of 2020) you can now set a GPO that requires more than 14 characters BUT Microsoft did not release a patch for older OS’ like Windows Server 2012R2 that support minimum password lengths of more than 14 characters. Hence the error you are seeing.
Put simply, you can now set a GPO that requires passwords to be greater than 14 characters in length, but old Operating Systems like Server 2012 R2, can not enforce that requirement.
0 Comments