Strange goings on when setting a sevrice account password ^^ I was setting a service account for a dev SQL server and wished to change the account password from that which it had been created with.
I can list all of this as I'm not giving away server names or passwords I use < grin > So I opened up AD tools and set the password to DEV08Thesquirrel only to have it rejected as not meeting the complexity requirements. Now I sort of remembered having some problems with passwords which were too long but couldn't remember if it was at work but decided to shorten the password to 14 characters , so DEV08Thesquirr this was accepted without an issue. I pinged off an email asking if we had such a policy on password length, you might think this is an odd question but I had some considerable issues with my tesco.net email accounts where I keep forgetting you can only have, I think, a password of 8 characters, the problem is that it will happily accept a longer password but truncates it, very tricky!!
Anyway I had an answer that we actually accept passwords up to 127 in length. Must have some conditions around numbers and capitilisation and such - which my password complied with. I tried OneFlew2008cabbage and OneFlew2008Thesquirrel so perhaps squirrels weren't a problem, back to DEV08Thesquirrel nope still rejected, DEV08Thesquirrel# nope DEV08Thesquirre nope DEV08Thesquirr yup. Then I saw that we shouldn't use any more than 2 consecutive letters from tha account name - aha! the account name started DEV08_ so that was that then, but hang on what about DEV08Thesquirr ... I tried DEV07Thesquirrel and yes that was accepted.
Now many years ago I wrote a whole front end to handle passwords, just like this, and I too tried to stop users making use of their login name in passwords, but it was a daft idea trying to take small numbers of letters, any Andrew can't have and ,I'm colinleversuch work out the variations of words/passwords you can't use there!
So obviously it was asilly idea for me to start the password with the same start as the service account name, but it's a dev server and the domain account has no rights globally - so there you have it, a complete conundrum, squirrels notwithstanding.