0X000008C5

Fix 0X000008C5: Password Too Short for Policy

Windows Errors Beginner 👁 0 views 📅 May 27, 2026

Windows kicks back error 0X000008C5 when your password doesn’t meet the domain’s minimum length requirement. Here’s the fastest fix, then deeper steps if needed.

Simple Fix (30 seconds) – Use a Longer Password

The culprit here is almost always a password that’s too short for your domain’s policy. 99% of the time, just adding a couple more characters clears it.

  1. Try a password that’s at least 8 characters long. Mix in uppercase, lowercase, a number, and a symbol (like P@ssw0rd1).
  2. If you’re on a corporate domain, check if your company has a specific minimum – often 8, 10, or even 12 characters.
  3. If you’re changing your own password (not an admin resetting another user’s), that’s all you need.

Still getting the error? Move to the next step.

Moderate Fix (5 minutes) – Check the Domain’s Password Policy

If a longer password doesn’t cut it, your domain’s policy is probably set higher than you expect. Here’s how to see exactly what’s required.

For the user (if you can’t ask IT):

  1. Open Command Prompt as admin (search cmd, right-click, Run as administrator).
  2. Run: 
    net accounts /domain
  3. Look for Minimum password length. That number is your target. If it says 14, your password needs 14 characters.

For admins (if you can check Group Policy directly):

  1. On a domain controller or a machine with RSAT, open Group Policy Management Console.
  2. Drill into Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
  3. Check Minimum password length. Default for domain controllers is often 7, but admins bump it up.
  4. Also check Enforce password history – if you’re recycling a recent password, that can also trigger 0X000008C5.

After you know the minimum, use a password that meets or exceeds it. If you still get the error, go advanced.

Advanced Fix (15+ minutes) – Force a Policy Update or Reset via AD

This step is for IT pros managing a domain. If a user still sees 0X000008C5 after meeting the policy, the issue is usually stale policy cache or a corrupt password.

Step 1: Force Group Policy refresh on the user’s machine

  1. On the user’s PC, open Command Prompt as admin.
  2. Run: 
    gpupdate /force
  3. Wait for the “Computer Policy update has completed” message. Then try the password change again.

Step 2: Reset the password in Active Directory (skip the user’s PC)

Sometimes the error is a glitch in the user’s local credential manager. Reset the password server-side.

  1. On a domain controller, open Active Directory Users and Computers.
  2. Find the user account, right-click, and select Reset Password.
  3. Enter the new password (make it at least the minimum length). Check User must change password at next logon if you want them to set their own later.
  4. Click OK. Tell the user to log off and back on with the new password.

Step 3: Check for fine-grained password policies (FGPP)

If you’re on a Windows Server 2008 or later domain, someone might have applied a fine-grained password policy to a specific group or user. These override the domain default.

  1. Open Active Directory Administrative Center (dsac.exe).
  2. Browse to System > Password Settings Container.
  3. Look for any policy that applies to the user’s group. You can check membership: 
    dsquery user -name "username" | dsget user -memberof
  4. If you find an FGPP, note the Precedence (lower number = higher priority) and the minimum length.

Step 4: Clear cached logon credentials (rare, but works)

This is a long shot, but I’ve seen a corrupt cached credential throw this error.

  1. On the user’s machine, open Credential Manager (Control Panel > User Accounts > Credential Manager).
  2. Under Windows Credentials, remove any entries for the domain (e.g., %DOMAIN% or user-specific ones).
  3. Reboot, then try the password change again.

Pro tip: If nothing works, check the user’s account isn’t locked or disabled. Run net user username /domain on the DC. If it says “Account active No”, that’s a separate problem. Also verify the user is allowed to change passwords – some admins set “User cannot change password” in AD.

One more thing: this error can pop up when the password you typed doesn’t match the “confirm password” field. That’s not 0X000008C5, but I’ve wasted 10 minutes on it. Make sure they match before diving into policies.

Was this solution helpful?

0X000008C5 NERR_PasswordTooShort password too short Windows password policy domain password minimum length fix password error change password error Windows 10 password error Windows 11 password error Server 2022 password error Active Directory password policy net user password error