The following errors occur when an administrator sets a temporary password for an Active Directory (AD) user using Delegated Authentication via the Okta Admin Console. Depending on the specific error message, correcting the AD permissions for the Okta service account or aligning the Okta password policies with the AD domain resolves the issue.
- Update of credentials failed
- Password does not meet requirements
When the error states "Update of credentials failed", the System Log shows that the password updates successfully, the pwdLastSet attribute in AD updates, and the user logs in with the temporary password but receives no prompt to create a new one. Additionally, the "User must change password at next logon" checkbox remains unchecked in AD.
When the error states "Password does not meet requirements", the System Log shows a failure event, and the pwdLastSet attribute in AD does not update.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Directories
- Active Directory (AD)
- Delegated Authentication
- Password Reset
For the "Update of credentials failed" error, the Okta service account lacks properly configured write permission on the pwdLastSet attribute. The AD password update succeeds, but the account does not prompt the user to change the password at the next logon. This leaves the temporary password as the permanent password until another reset occurs.
For the "Password does not meet requirements" error, the Okta password policies fail to match or exceed the AD domain password policy.
What steps resolve the "Update of credentials failed" error?
Modify the Active Directory permissions to grant the Okta service account the necessary write access.
Correct the permissions in AD so that the Okta service account can write to the pwdLastSet attribute. Review the Okta service account permissions documentation or contact Microsoft Support for further assistance.
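One way to confirm the missing permission before changing anything, as an added example that is not Okta's own tooling: the script reads the ACL on the OU that holds the affected users and reports whether the service account has a direct write ACE covering pwdLastSet. The account name, OU path, user name and the function name Get-PwdLastSetWriteAce are placeholders chosen for illustration.

```powershell
# Added example, not Okta's code. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Get-PwdLastSetWriteAce {
    param(
        [Parameter(Mandatory)] [string] $ServiceAccount,  # e.g. 'EXAMPLE\OktaService' (placeholder)
        [Parameter(Mandatory)] [string] $TargetOU         # e.g. 'OU=Staff,DC=example,DC=com' (placeholder)
    )
    # Resolve the schema GUID of pwdLastSet from the directory instead of hard-coding it.
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=pwdLastSet)' -Properties schemaIDGUID
    $pwdLastSetGuid = [guid]$attr.schemaIDGUID
    $writeProperty  = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

    # Keep Allow ACEs for the account that include WriteProperty on pwdLastSet,
    # or on all properties (empty ObjectType GUID).
    # Limitation: rights granted through group membership or a property set
    # are not evaluated here.
    (Get-Acl -Path "AD:\$TargetOU").Access | Where-Object {
        $_.IdentityReference.Value -eq $ServiceAccount -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.ActiveDirectoryRights -band $writeProperty) -eq $writeProperty) -and
        ($_.ObjectType -eq $pwdLastSetGuid -or $_.ObjectType -eq [guid]::Empty)
    }
}

# Placeholder values; replace with the real service account and OU.
$account = 'EXAMPLE\OktaService'
$ou      = 'OU=Staff,DC=example,DC=com'

$aces = Get-PwdLastSetWriteAce -ServiceAccount $account -TargetOU $ou
if ($aces) {
    $aces | Format-Table IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited
} else {
    Write-Warning "No direct WriteProperty ACE covering pwdLastSet for $account on $ou."
    # Print the grant for review rather than applying it automatically.
    # /I:S applies the ACE to descendant user objects only.
    Write-Output "dsacls `"$ou`" /I:S /G `"${account}:WP;pwdLastSet;user`""
}

# For a user who already received a temporary password without the prompt
# ('jdoe' is a placeholder): expire the password so the next logon forces a change.
# Set-ADUser -Identity 'jdoe' -ChangePasswordAtLogon $true
```

After the permission is corrected, a temporary password set from Okta should leave pwdLastSet at 0 on the user object, which is what the "User must change password at next logon" checkbox reflects.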
What steps resolve the "Password does not meet requirements" error?
Align the Okta password policies with the local domain requirements to ensure successful password provisioning.
Ensure that the password policies in Okta match or exceed those in the AD domain. Okta provisions temporary passwords according to the Okta password policy, requiring alignment with local AD requirements for proper functionality.
