Changing Default Length of System-Generated Passwords in Active Directory Account Creation Mode
I installed WSS3 in ADACM (Active Directory Account Creation Mode), and SharePoint was able to create new users in AD, in the correct OU, through delegated permissions. After the installation, our IT team was hardening the box, and set the MinimumPasswordLength in Domain Policy from the default 7 to 9, as per our company policy. After doing this, it was quickly discovered that the site is now no longer capable of creating new users in AD, because it is generating passwords of length 7, which violates the call to the Directory Service.
The error generated was:
#1e0046: Adding user “UserName” to OU “OrganizationalUnitName” in domain “DomainName” failed with HRESULT -2147023541. This HRESULT value is the generic, stock 0x80004005, which I believe could probably be translated into something along the lines of "An unknown error occurred" and is of no informational value whatsoever. (Try Googling "HRESULT -2147023541"..... only about 1.2 Million results.... all unrelated)
I digress....I changed it back to 7, and all works fine again. However, this is a direct violation of our company policy and must be addressed immediately.
- Is there a property I can query using "stsadm -o getproperty -pnpropertyname" syntax that correlates to this value?
- Is it possible to change the length of the passwords generated from within SharePoint to 9, or some other number? stsadm -o setproperty -pnpropertyname -pv 9? Registry Hack?
- Where does this value come from initially? Policy Query on install? Hard-coded value? Editable Property in SharePoint? I have read other posts stating 8, as the value that worked, but in my case, 8 failed, and only 7 worked.
