不管是什么我想扔它，这种方法在这里总是会导致以下异常：

No matter what I'm trying to throw at it, this method here always results in the following exception:

         var retVal = this.DirectoryEntry.Invoke("ChangePassword", new object[] { oldPassword, newPassword }) == null;

的InnerException = {密码不符合密码策略要求检查最小密码长度，密码复杂性和密码历史的要求（从HRESULT异常：0x800708C5）。}

InnerException = {"The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements. (Exception from HRESULT: 0x800708C5)"}

我很自然地检查域的默认策略（在我的测试域中没有找到），OU组策略（不存在），并不能找到任何可以支配的密码策略，但不管我公司供应到多久或复杂的密码功能是，它会导致在相同的异常。 现在最有趣的部分 是当我做同样的（对于相同DirectoryEntity对象和相同的密码）拨打这样的：

I naturally checked domain default policy (none found in my test domain), OU Group policy (none exists) and can not find anything that could govern the password policy, yet no matter how long or complex the password I supply into the function is, it results in the same exception. Now the most interesting part Is when I do the same (for the same DirectoryEntity object and the same password) by calling this:

 var retVal = this.DirectoryEntry.Invoke("SetPassword", new object[] { newPassword }) == null;

最后调用成功W / O型的任何问题。

The last call succeeds w/o any issues.

推荐答案

有一些组策略将影响密码的复杂性。他们大多是你安装了Active Directory后，默认打开。如果你设置你的测试域名，从来没有打动了他们，很可能，这些密码策略仍然存在。

There are a number of group policies going to affect the password complexity. Most of them are turned on by default after you installed Active Directory. If you have never touched them after you setup your test domain, very likely, those password policies are still in place.

这是我的测试域默认域安全设置的样子。如果你以前没有改变，它应该类似。

This is what my test domain default domain security settings look like. If you didn't change it before, it should look similar.

您可以找到每个MSDN上的政策的具体描述。我只是有一个总结，并在此一环节。

You can find detail descriptions on each of the policies on MSDN. I will just include a summary and a link here.

强制密码历史 - 确保你没有重用旧密码。 密码最长使用期限 - 确保您不能使用相同的密码超过一段时间。它默认为42天。 密码最短使用期限 - 确保您不能更改密码直到它已超过一段时间。这是默认为1天域。 最小密码长度 - 自我介绍。这是默认的7个字符的域控制器。 密码必须符合复杂性要求 - 确保您使用的是字母，数字和符号字符密码的组合 Enforce password history - Make sure you are not reusing the old password. Maximum password age - Make sure you cannot use the same password more than a period of time. It's default to 42 days. Minimum password age - Make sure you cannot change the password until it has been more than a period of time. It's default to 1 day in a domain. Minimum password length - Self explained. It's default to 7 characters on domain controller. Password must meet complexity requirements - Make sure you are using a combination of letters, numbers and symbol characters in your password

以上所有的设置都可以成为你0x800708C5错误的原因。具体而言，我想这是对密码最短使用期限密码策略给你造成麻烦。它的默认设置为1天。如果您的测试帐户是创建一个新的用户帐户刚才，你可能不会在同一天更改您的密码。

All the above settings can be the cause of your 0x800708C5 error. In particular, I guess it's the "minimum password age" password policy causing you trouble. It's by default set to 1 day. If your test account is a new user account created just now, you may not change your password in the same day.

所以，现在，你可能会认为在测试环境中，应禁用作发展用途所有这些密码策略。我不建议简单地让所有取消选中该复选框，在属性页中未定义的政策。我建议以下setttings。

So now, you may think that in your test environment, you should disable all these password policies for development purpose. I won't recommend simply make all the polices undefined by unchecking the checkbox in the property pages. I would recommend the following setttings.

强制密码历史 - 0，这意味着永远不会检查密码历史 密码最长使用期限 - 0，这意味着密码永不过期 密码最短使用期限 - 0，这意味着你可以改变密码立即 最小密码长度 - 0，这意味着你不'吨需要设置任何密码 密码必须符合复杂性要求 - 禁用，这意味着它接受任何密码 Enforce password history - 0, which means never check password history Maximum password age - 0, which means password never expired Minimum password age - 0, which means you can change password immediately Minimum password length - 0, which means you don't need to set any password Password must meet complexity requirements - Disabled, which means it accepts any passwords

您需要做的最后一个步骤是重新填充组策略到您的计算机。请记住，组策略存储在Active Directory中设置。该机组策略被应用在机器启动时间，而用户组策略应用在用户登录的时间。密码策略是这些机器的政策之一。所以，你可以重新启动你的电脑现在或者你可以到命令提示符并运行运行gpupdate 。

One final step you need to do is to populate the group policy to your machine again. Remember, the group policy is the settings stored on Active Directory. The machine group policies are applied at the machine bootup time while the user group policies are applied at the user logon time. Password policies are one of those machine policies. So, you can either reboot your computer now or you can go to command prompt and run gpupdate.

我希望我没有错过任何重要信息。让我知道，如果它仍然不能正常工作：）

I hope I didn't miss any important information. Let me know if it still doesn't work :)