Содержание
- Часть 1: Как исправить Windows не может завершить смену пароля из-за ошибки 0x800708c5
- Часть 2: Причина, по которой пароль должен соответствовать требованиям сложности
- 1. Включить историю паролей
- 2. Максимальный возраст пароля
- 3. Минимальный возраст пароля
- 4. Минимальная длина пароля:
- 5. Соответствие требованиям сложности
- 6. Храните пароли с помощью обратимого шифрования.
- Резюме
Вы можете столкнуться с ошибкой 0x800708c5 при запросе сброса пароля. Это означает, что пароль не соответствует требованиям политики паролей. Это показывает, что пароль, который вы пытаетесь установить, не соответствует политике паролей, установленной на стороне домена. Иногда администратор обновляет политику паролей, и ваш пароль совместим со старыми политиками. Ваш старый пароль будет работать до тех пор, пока вы не забудете пароль или его срок действия не истечет автоматически. Когда вы собираетесь сбросить пароль, вы можете ввести самый надежный пароль, но система не примет его, пока вы не встретите новые правила. Если вы не знаете, как взломать код ошибки, позвольте нам помочь вам. Возьмем последние четыре цифры, в данном случае это 08c5; преобразуйте его в десятичное из шестнадцатеричного, это будет 2245. Теперь откройте командную строку и введите «net helpmsg 2245», и это покажет вам подробную информацию об ошибке. Чтобы решить эту проблему, вы можете выполнить следующие шаги.
- Часть 1: Как исправить Windows не может завершить смену пароля из-за ошибки 0x800708c5
- Часть 2: Причина, по которой пароль должен соответствовать требованиям сложности
Перезапуск служб AD не поможет вам решить эту проблему, и, скорее всего, вы не сможете перезапустить сервер в рабочее время. Итак, вам нужна альтернатива, которая решит вашу проблему как можно скорее. PassFab 4WinKey — единственное профессиональное программное обеспечение, которое обеспечивает 100% успешную смену не только паролей домена, но и любых типов паролей Windows. У большей части программного обеспечения такая возможность отсутствует, но PassFab 4WinKey упростил ее пользователям. PassFab 4WinKey стирает надежный и сложный пароль домена за меньшее время. В следующих нескольких шагах вы поймете, как это происходит.
Шаг 1: Загрузите и установите PassFab 4WinKey на свой компьютер. Запустите его, чтобы записать загрузочный диск с USB или CD / DVD.
Шаг 2: Затем вставьте загрузочный диск в компьютер, перезагрузите компьютер и нажмите F12 или ESC, чтобы войти в интерфейс меню загрузки.
Шаг 3: Теперь вы должны выбрать операционную систему Windows и учетную запись Windows, которая необходима для сброса пароля. Затем нажмите «Далее», чтобы сбросить пароль Windows.
Шаг 4: Весь процесс займет несколько минут, и вам будет предложено снова перезагрузить компьютер, чтобы ввести новый пароль.
Теперь вы можете передать этот пароль своему пользователю. Но ваш пользователь снова столкнется с той же проблемой при сбросе пароля. Одно из решений состоит в том, что вы можете спросить пользователя, какой пароль он хочет установить, и эта информация будет полностью конфиденциальной, а другое — вы можете проверить требования к паролю и сообщить пользователю о новых политиках паролей. Использование параметра 1s может быть неправильным, или вы можете обидеть пользователя, задав этот вопрос, поэтому вам следует выбрать второй вариант, который обсуждается во второй части вместе с причиной, по которой пароль должен соответствовать сложности.
Часть 2: Причина, по которой пароль должен соответствовать требованиям сложности
Следует учитывать сложные политики паролей, потому что данные пользователя — это самое главное. Пользователь доверяет вам свою информацию, и теперь вы обязаны ее защитить. Но установка более сложных политик паролей заставит пользователя обратиться в службу поддержки или записать пароль где-нибудь, что более уязвимо. Следовательно, политика паролей должна балансировать между надежной и простой политикой паролей. Ниже приведены требования, которые применяются ко всем учетным записям пользователей в домене:
1. Включить историю паролей
Эта политика гарантирует, что пользователь не будет использовать тот же пароль или пароль, который использовался ранее для этой учетной записи. Значение по умолчанию на контроллере домена — 24, в то время как большинство отделов I используют значения выше 10.
2. Максимальный возраст пароля
Эта политика определяет период, в течение которого можно использовать уникальный пароль. По истечении этого определенного времени пользователю предлагается установить новый пароль. Стоимость варьируется от 1 до 999 дней. Значение по умолчанию — 42, но 30 в основном используется ИТ-отделами.
3. Минимальный возраст пароля
Эта политика определяет период, по истечении которого пользователь может изменить свой пароль. Значение по умолчанию — 1. Если установлен принудительный пароль, минимальный срок действия пароля должен быть выше 0. Если максимальный срок действия пароля установлен от 1 до 999 дней, минимальный срок действия пароля должен быть меньше, чем максимальный срок действия пароля. Если Максимальный срок действия пароля установлен на 0, Минимальный срок действия пароля может быть любым значением от 0 до 998 дней.
4. Минимальная длина пароля:
Определяет количество символов, которое может содержать пароль. Значение домена по умолчанию — 7, но значение может варьироваться от 1 до 14.
5. Соответствие требованиям сложности
Эта политика определяет, должен ли новый пароль соответствовать требованиям или нет. Если он включен, перед рассмотрением нового пароля должны быть выполнены следующие критерии.
1. Пароли не могут содержать имя учетной записи пользователя или части полного имени пользователя, длина которых превышает два последовательных символа.
2. Пароли должны иметь длину не менее шести символов или количество символов, указанное в параметре политики Минимальная длина пароля.
3. Пароли должны содержать символы как минимум трех из следующих четырех категорий:
- Заглавные буквы английского алфавита (A – Z)
- Символы английского алфавита в нижнем регистре (a – z)
- Базовые 10 цифр (0–9)
- Не буквенно-цифровые символы (например,! $ #,%)
Этот параметр политики включен по умолчанию на контроллерах домена и отключен по умолчанию на автономных серверах.
6. Храните пароли с помощью обратимого шифрования.
Эта политика гарантирует, следует ли сохранять пароль с обратным шифрованием или нет. Это может помочь от злоумышленников. По умолчанию эта политика отключена.
Резюме
Теперь вы можете настроить свою политику паролей соответствующим образом, но убедитесь, что для пользователя не должно быть слишком сложно, что он / она не может запомнить пароль, не так легко для любого хакера, чтобы взломать его. Общей политикой, используемой повсеместно, является «сочетание прописных и строчных букв, цифр и символов, длина которых обычно составляет минимум семь символов». Это сбалансированная политика. Не волнуйтесь, если вы установили строгую политику после того, как пользователь свяжется с вами для сброса своего пароля, вы можете использовать PassFab 4WinKey, чтобы легко сбросить пароль, не влияя на другие действия вашего сервера.
- Remove From My Forums
-
General discussion
-
the user is trying to logon but the cannot and i tried to reset the password but this the error that pops up
Windows cannot complete the password change for User1 because: Error 0x800708c5
If anyone there please help i urgently need assistance.
Thank you
Katty
All replies
-
I the user logging into a computer locally, or into a domain? How are you changing the password? I believe the error means:
The password does not meet the password policy requirements.
which would indicate either the password is not long enoungh, not complex enough (letters, caps, numbers, symbols), or the password was already used by the user (password history). Try another password.
Richard Mueller — MVP Directory Services
-
Hi Richard,
Thank you for your response.
The user is loggin into domain. When i tried to change the password it gave this error message also.
Windows can not complete the password change for <var>user name</var> because:
The password does not meet the password policy requirements. Check the minimum password length, password complexity, and password history requirements.The password is more than seven characters and the user has forgotten what the password was so i wanted to reset the password.
Any suggestions
thanks Katty
-
Hi Richard,
Thank you for your response.
The user is loggin into domain. When i tried to change the password it gave this error message also.
Windows can not complete the password change for <var>user name</var> because:
The password does not meet the password policy requirements. Check the minimum password length, password complexity, and password history requirements.The password is more than seven characters and the user has forgotten what the password was so i wanted to reset the password.
Any suggestions
thanks Katty
Hi Richard,
I got the problem solved.
Below is the solution might help some one with the similar issue.
There are to places where complaex passwords can be defibned, one in the Default Domain GPO the other on the Domain Controller GPO. If either of these were «enabled», you have to change it to «disabled», simpliy changing it to «not difinef» leaves the policy
in place.note: run «gpupdate /force»
Thank You
Katty
-
Yes, if password does not meet the policy it gives this error. if password is more than 6 digits it resets the password.
-
Check if any Fine Grain Password policy is applied for the user. If so kindly remove the user from the fine grain password policy.
-
My gpo does not allow to give name or surename as a password.
When i try to reset password for user who have name Tomaso its 3 scenarios:
1. Password Tomaso34 now its Error 0x800708c5. Password have name such as name of user.
Tomaso34 does not meet the password policy requirements but you see error Error 0x800708c5.
2. Password Adam34 now its: The password does not meet the password policy requirements only 6 digits (must be 8).
3. Password T0m@so34 password is correct. No problem.
-
It is a old post but might be helpfull for the people like me.I was struggling for 4 days and this link solve my problem. Good Explanation. Also explain in cionsystems blog
The password does not meet the password policy requirements. Exception from HRESULT: 0x800708C5
Error while changing the AD user password
You will get this error while changing the password of Active Directory user directly by using native AD tool or from Cion SelfService Application.
Resolution : In Domain control “Default Domain Policy “
Set the «Minimum password age» to 0Follow the below steps for details (Image attach for reference)
In Windows server 2008R2 Start -> Run -> gpmc.msc
Go to Domains -> domainName(cionsystems.com) -> Select Default Domain Policy , right click and edit
Select Computer Configuration -> Policies -> Windows Settings ->Security settings -> Account Policies -> Passowrd Policy -> Set «Minimum password age» to 0
Open Command prompt as administrator gpupdate/force
February 15, 2017 updated by
Leave a reply »
Unable to change Windows password? When you try to change or set a Windows password from Control Panel, you might get a popup message saying “Windows cannot change the password“.
If you’re using Windows 10, open the Settings app and you might also find the option to change/reset password is greyed out.
In this tutorial we’ll show you a simple way to fix the issue “Windows cannot change the password” in Windows 10, 8 and 7.
Fix Error: “Windows cannot Change the Password” in Windows 10 / 8 / 7
- Press the Windows key + R to open the Run dialog box, then type compmgmt.msc and press Enter to open the Computer Management.
- Now, you can expand Local Users and Groups -> Users. In the right side, right-click on the user account which is not allowing you to change its password, then select Properties from the context menu.
- You need to uncheck a box “User cannot change password“. Click Apply and then OK.
Now you should be able to change or set a Windows password in Control Panel.
- Previous Post: How to Remove ‘Settings’ from Windows 10 Start Menu
- Next Post: 2 Ways to Change System Locale in Windows 10
You might encounter with error 0x800708c5 while requesting reset password. This means that the password does not meet the password policy requirements. This shows that the password you are trying to set does not meet the Password Policy set on domain side. Sometime Administrator updates the password policy and your password is compatible with the old policies. Your old password keeps on working until you forget your password or it expires automatically. When you go for resetting password you might enter strongest password, but the system will not accept until you meet the new polices. If you are unaware of cracking the error code let us help you. Take last four digits in this case its 08c5; convert it to decimal from hex, it will be 2245. Now open command prompt and type “net helpmsg 2245” and this will show you the details of the error. In order to resolve this issue following steps you can perform.
- Part 1: How to Fix Windows Can’t Complete the Password Change Because Error 0x800708c5
- Part 2: The Reason Why Password Must Meet Complexity Requirements
Restarting you AD services will not help you resolve this issue and most probably you can’t go for server restart in your business hours. So, you need an alternative that resolves your problem as soon as possible. PassFab 4WinKey is the only professional software that assures 100% success rate for not only changing domain passwords but also any type of Windows passwords. Most of the software lack this facility but PassFab 4WinKey has made it easier for its users. PassFab 4WinKey wipes the domain’s strong and complex password in less time. In next few steps you will understand that how it does it.
Step 1: Download and install PassFab 4WinKey on your computer. Launch it to burn a bootable disk with USB or CD/DVD.
Step 2: Next, insert your bootable disk to your computer and restart your computer and press F12 or ESC to enter Boot Menus Interface.
Step 3: Now, you should choose your Windows operating system and the Windows account that you need to reset password. Then hit Next to reset Windows password.
Step 4: The whole process will take a few minutes and you will be prompted to restart the computer again to enter your new password.
Now you can pass this password to your user. But your user will again experience the same problem while resetting password. One solution is that you can ask user what password he want to set and this information will be completely confidential and the other thing is you can check the password requirements and you can let the user know about new password policies. Using 1s option might not be correct or you can offend user by asking that question hence you should go for the second option which is discussed in the second part along with the reason that why password must meet the complexity.
Part 2: The Reason Why Password Must Meet Complexity Requirements
Complex password policies should be taken into account because user data is the most important thing above all. User trust you with his/her information and now it’s your obligation to protect it. But setting more complex password policies will force user to contact help desk or write down password somewhere, which is more vulnerable. Hence password polices should be balance between strong and easy password policy. Following are the requirements that are enforced on all user accounts in domain:
1. Enforce password history
This policy ensures user not to use same password or the password used earlier with this account. Default value on domain controller is 24 while most of the I departments use values above 10.
2. Maximum password age
This policy determines the period for which a unique password can be used. After that specific time user is asked to set a new password. The value varies from 1-999 days. Default value is 42 but 30 is mostly used by IT departments.
3. Minimum password age
This policy determines the period after which the user can change their password. Default value is 1. If the enforced password is set then minimum password age must be above 0. If Maximum password age is set between 1 and 999 days, Minimum password age must be less than Maximum password age. If Maximum password age is set to 0, Minimum password age can be any value between 0 and 998 days.
4. Minimum password length:
Determines number of characters a password can contain. Default value of domain is 7 but the value can vary from 1-14.
5. Meet complexity requirements
This policy determines whether the new password should meet the requirements or not. If turned on following criteria shall be met before considering new password.
1. Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
2. Passwords must be at least six characters in length, or the number of characters specified in the Minimum password length policy setting.
3. Passwords must contain characters from at least three of the following four categories:
- English uppercase alphabet characters (A–Z)
- English lowercase alphabet characters (a–z)
- Base 10 digits (0–9)
- Non-alphanumeric characters (for example, !$#,%)
This policy setting is enabled by default on domain controllers and disabled by default on stand-alone servers.
6. Store passwords using reversible encryption
This policy ensures whether the password should be saved in reverse encryption or not. This might help against intruders. This policy is disabled by default.
Summary
Now you can set your password policies accordingly but do ensure that it should not be too tough for user that h/she could not memorize password not so easy for any hacker to crack it. A common policy used everywhere is “combination of uppercase and lowercase letters, numbers, and symbols, and are typically a minimum of seven characters long”. It is the balanced policy. Don’t worry if you have set a strict policy once user contacts you to reset his/her password you can use PassFab 4WinKey to easily reset password without effecting your other server activities.
Guest
Guest
-
#1
This is very strange to me, one of my clients are running an environment
with widows 2000 server sp 4, and for some strange reason they are getting
«windows cannot complete the password change for user _____ because the
password does not meet the pasword policy requirements. Check the minimum
password length, password complexity & password history requirements»
I checked all the password policy issues and everything seems to be normal,
this started happening about 3 months ago, I went to microsoft website and
check all the password rules in the active directory restarted the server
even type the command in dos that automatically applies all the changes but
still getting the error message. Hence because I am not able to change the
password, I am unable to add new users into the system. And as you can
figure they are really getting at me for not being able to solve this.
We are unable to change any password from the active directory or even from
computer systems.
Please anybody have any suggestions please help.
Thanks
Guest
Guest
-
#2
In news:BE5A4B0B.87B%marcianswaby@coralwave.com,
marcian swaby <marcianswaby@coralwave.com> commented
Then Kevin replied below:
> This is very strange to me, one of my clients are running
> an environment with widows 2000 server sp 4, and for some
> strange reason they are getting
>
> «windows cannot complete the password change for user
> _____ because the password does not meet the pasword
> policy requirements. Check the minimum password length,
> password complexity & password history requirements»
>
> I checked all the password policy issues and everything
> seems to be normal, this started happening about 3 months
> ago, I went to microsoft website and check all the
> password rules in the active directory restarted the
> server even type the command in dos that automatically
> applies all the changes but still getting the error
> message. Hence because I am not able to change the
> password, I am unable to add new users into the system.
> And as you can figure they are really getting at me for
> not being able to solve this.
>
> We are unable to change any password from the active
> directory or even from computer systems.
>
> Please anybody have any suggestions please help.
>
> Thanks
What are the password settings?
If you are using complex passwords passwords must have: 1. Passwords must be
at least six (6) characters long.
2. Passwords must contain characters from at least three (3) of the
following four (4) classes:
Description Examples
————————————————
Upper case letters A, B, C, … Z
Lower case letters a, b, c, … z
Westernized Arabic numerals 0, 1, 2, … 9
Non-alphanumeric («special
characters») such as
punctuation symbols
3. Passwords may not contain your user name or any part of your full
name.
The rest is pretty much straight forward as for remember password history
and password length.
—
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please «Reply to Group»
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?… Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Guest
Guest
-
#3
I am not using complex passwords, as far as I know, I just started working
for this company, how can I check if that’s something different, and I
basically cleared all the password setting to try see if that would work and
still nothing
On 3/13/05 10:22 PM, in article #ITonUEKFHA.904@tk2msftngp13.phx.gbl, «Kevin
D. Goodknecht Sr. [MVP]» <admin@nospam.WFTX.US> wrote:
> In news:BE5A4B0B.87B%marcianswaby@coralwave.com,
> marcian swaby <marcianswaby@coralwave.com> commented
> Then Kevin replied below:
>> This is very strange to me, one of my clients are running
>> an environment with widows 2000 server sp 4, and for some
>> strange reason they are getting
>>
>> «windows cannot complete the password change for user
>> _____ because the password does not meet the pasword
>> policy requirements. Check the minimum password length,
>> password complexity & password history requirements»
>>
>> I checked all the password policy issues and everything
>> seems to be normal, this started happening about 3 months
>> ago, I went to microsoft website and check all the
>> password rules in the active directory restarted the
>> server even type the command in dos that automatically
>> applies all the changes but still getting the error
>> message. Hence because I am not able to change the
>> password, I am unable to add new users into the system.
>> And as you can figure they are really getting at me for
>> not being able to solve this.
>>
>> We are unable to change any password from the active
>> directory or even from computer systems.
>>
>> Please anybody have any suggestions please help.
>>
>> Thanks
>
> What are the password settings?
> If you are using complex passwords passwords must have: 1. Passwords must be
> at least six (6) characters long.
> 2. Passwords must contain characters from at least three (3) of the
> following four (4) classes:
> Description Examples
> ————————————————
>
> Upper case letters A, B, C, … Z
> Lower case letters a, b, c, … z
> Westernized Arabic numerals 0, 1, 2, … 9
> Non-alphanumeric («special
> characters») such as
> punctuation symbols
>
> 3. Passwords may not contain your user name or any part of your full
> name.
>
>
> The rest is pretty much straight forward as for remember password history
> and password length.
>
Guest
Guest
-
#4
In news:BE5B0A6C.9E2%marcianswaby@coralwave.com,
marcian swaby <marcianswaby@coralwave.com> commented
Then Kevin replied below:
> I am not using complex passwords, as far as I know, I
> just started working for this company, how can I check if
> that’s something different, and I basically cleared all
> the password setting to try see if that would work and
> still nothing
There are two places where complex passwords can be defined, one in the
Default Domain GPO the other on the Domain Controller GPO. If ether of these
were «enabled», you have to change it to «disabled», simply changing it to
«not defined» leaves the policy in place.
—
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please «Reply to Group»
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?… Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
-
- Dec 28, 2011
-
- 1
-
- 0
-
- 18,510
- 0
-
#5
Archived from groups: microsoft.public.win2000.active_directory (More info?)In news:BE5B0A6C.9E2%marcianswaby@coralwave.com,
marcian swaby <marcianswaby@coralwave.com> commented
Then Kevin replied below:
> I am not using complex passwords, as far as I know, I
> just started working for this company, how can I check if
> that’s something different, and I basically cleared all
> the password setting to try see if that would work and
> still nothingThere are two places where complex passwords can be defined, one in the
Default Domain GPO the other on the Domain Controller GPO. If ether of these
were «enabled», you have to change it to «disabled», simply changing it to
«not defined» leaves the policy in place.—
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please «Reply to Group»
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?… Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Thank you for posting these it has helped me today to solve my issue.
Kind regards
Reshmi
Thread starter | Similar threads | Forum | Replies | Date |
---|---|---|---|---|
|
Discussion Which Windows Theme? (1995 ’till Today) | Windows Legacy | 18 | Oct 22, 2022 |
D
|
Question Where is the Windows 98 display driver? | Windows Legacy | 9 | Aug 7, 2022 |
S
|
Question PC won’t boot from a Windows 98 floppy boot disk ? | Windows Legacy | 12 | Jul 23, 2022 |
|
Question Dual-boot Windows 98/XP on old system, XP is on Drive D ? | Windows Legacy | 11 | Jun 4, 2022 |
|
Question Does DISM command really delete any of my data or installed apps or my other drives data ? | Windows Legacy | 6 | May 6, 2022 |
|
Question I can’t set or create a pagefile on windows 8.1 | Windows Legacy | 8 | May 5, 2022 |
|
Question How do i add Legacy mode to my BIOS, so i can install Windows XP and 7? | Windows Legacy | 3 | May 3, 2022 |
A
|
Question Windows 98 question… From boot to sleep | Windows Legacy | 8 | Apr 21, 2022 |
A
|
Question Windows Update Error 80071A30 — has anyone else run into this ? | Windows Legacy | 0 | Apr 19, 2022 |
|
Question Windows not booting. | Windows Legacy | 1 | Apr 16, 2022 |
- Advertising
- Cookies Policies
- Privacy
- Term & Conditions
- Topics
Hey guys — wondering if something has changed in Windows server 2016 or if I’m just going crazy.
I’ve always had the Password must meet complexity flag enabled, which (per current MS Documentation) is the following:
-
Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
-
Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters) Base 10 digits (0 through 9)
-
Non-alphanumeric characters (special characters): (~!@#$%^&*_-+=`|(){}[]:;»‘<>,.?/) Currency symbols such as the Euro or British Pound are not counted as special characters for this policy setting.
-
Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.
I’m almost positive when we were on Windows Server 2008R2 that the » » (spacebar) counted as a special character. I used to make user passwords something like «Correct Horse Battery Staple» and encourage them to make their passwords similar — however, I’m creating a new user account now, and while the above doesn’t work, «Correct_Horse_Battery_Staple» does work.
Can anyone confirm this behavior with 2008R2 (or 2016)? I haven’t changed my domain functional level, I’ve only installed server 2016…so I’m either crazy and this has never worked, or this changed by introducing a 2016 server.