Es necesario definir el usuario internal con password internal si la configuración de usuarios de va a tomar desde ldap, para ello hay que realizar una serie de procesos en el Active Directory para que nos/los habilite a ingresarle la password "internal" al usuario, ya que las politicas de seguridad del Active Directory no lo permiten o puede existir el caso de que el usuario definido de esta forma este siendo relevado por una auditoria de seguridad y no se pueda realizar este proceso y sea necesario cambiar la configuracion de O3.

Fuente: http://www.top-password.com/blog/how-to-change-active-directory-password-policy-in-windows-server-2008/

How to Change Active Directory Password Policy in Windows Server 2008

When setting up a new Windows Server 2008 server with Active Directory you will discover that you are not allowed to edit the default domain policy. You can use complex passwords to meet the default password policy, but sometimes you may need to continue using simple passwords, edit or disable the strong password policy, what should you do next?

Here is the step-by-step guide to change Active Directory password policy in Windows Server 2008. You need to log on domain controller using administrative account so you have sufficient privileges to make the change.

How to Change Active Directory Password Policy in Windows Server 2008?

1. Click Start, click Administrative Tools, and then click Group Policy Management.

   

2. Under Group Policy Management window, go to Forest > Domains > {your domain} > Default Domain Policy, click on the Settings tab you can see the default password policy applied to your domain user accounts.

   

   Unfortunately, there is no option for you to edit or change the default domain policy. The only way to change your password policy is to create a new domain policy to overwrite the default domain policy.

3. To create a new domain policy, please click on your domain name in the left panel, then select Create a GPO in this domain, and Link it here….

   

4. Now right-click on the domain policy you’ve created and then click Edit.

   

5. In the appearing window, go to Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
6. You can double-click on the Password must meet complexity requirements in the right pane to disable the setting, or double-click on Minimum password length to change the password requirement, and so on.
7. After you complete the editing of your domain policy, right-click on your new domain policy and tick the Enforced and Link Enabled to make your changes to take effect.