This is a very tricky error to understand:

Windows Event ID: 16979
Message: The domain is incorrectly configured with a MinimumPasswordLength setting that is greater than 14.

NOTE: until this is corrected, the domain will enforce a smaller MinimumPasswordLength setting of 14.

Currently configured MinimumPasswordLength value: 15

For more information see https://go.microsoft.com/fwlink/?LinkId=2097191 .

Previous to Windows 10 2004 it was not readily possible to set a minimum password length requirement in GPO to more than 14 characters.  Today however, Microsoft wants everyone to  scrap passwords altogether by using other methods of authentication or by requiring “passphrases”.

A passphrase is a longer string of text than a typical long password and passphrases can often exceed the previous maximum “minimum password length”, which is a very good thing.

event id 16979 password length greater than 14 charactersHere is the catch, if you are using the GPO templates for Windows newer than 2004 (i.e. April of 2020) you can now set a GPO that requires more than 14 characters BUT Microsoft did not release a patch for older OS’ like Windows Server 2012R2 that support minimum password lengths of more than 14 characters.  Hence the error you are seeing.

Put simply, you can now set a GPO that requires passwords to be greater than 14 characters in length, but old Operating Systems like Server 2012 R2, can not enforce that requirement.

 


0 Comments

Questions or Comments?