I would like to submit to you a problem that I encountered while creating a user on active directory.
After some investigation we found that the issue is related to the password set, in fact when the user password set doesn't meet password policy, the account is disabled but still created.
My question is: why the error message is misleading? Active Directory Domain Services message said that "the password for user cannot be set due to insufficient privileges. Windows will attempt to disable this account. If the attempt fails, the account will become a security risk. Contact an administrator as soon as possible to repair this. Before this user can log on, the password should be set and the account must be enabled".
Why it doesnt explain clearly that there is a password policy violation?