Account Lockout Self Service and Password reset
Why does FIM 2010 only provide password reset self service and not support account lockout self service? Other products support both. I do understand how the use of various gates can be used to address the limitation, but I don't understand why account lockout is not provided OOB; I suspect it's security related?
April 30th, 2010 11:18pm

Anthony,

Should have specified 'lockout in AD' rather than 'lockout as part of the Auth WF (using lockout gate)'. Really like the WF and tip:

An attacker might launch a denial-of-service attack on password reset by purposely failing password reset challenges for multiple users, causing many users to be locked out of password reset. To mitigate this type of attack, you should place the lockout gate after a Question and Answer gate. By configuring the activities in this way, the attacker would need to pass at least one gate before they could try and lock out other users. You could then place an additional Question and Answer gate after the lockout gate for additional security. The sequence would then be as follows:
1. Password gate
2. Question and Answer gate
3. Lockout gate
4. Question and Answer gate

However, by 'If you perform an SSPR, it's automatically unlocked in AD' do you mean that if a user locks their account in AD they can perform an SSPR which resets their password AND unlocks their account, or does an admin / help desk need to unlock the account, either through FIM or directly in AD? The AD MA should be configured with rights for account lockout and password reset, but can account unlock be performed by the end user?

Thanks,
Paul
May 1st, 2010 2:09am
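The gate-ordering argument in the post above, worked through as an added example. This is not FIM code and not anything the poster wrote: it is a small Python model of an authentication workflow in which gates run in order and stop at the first failure, and in which the lockout gate only counts runs that actually reach it. The class names, the threshold of three, the question names and the sample profiles are all assumptions made for the illustration.

```python
"""Model of how gate order in a FIM 2010 style password reset workflow decides
who can lock whom out.  Added example, not FIM code; all names are illustrative.

Assumptions (labelled): a workflow is a list of gates run in order, stopping at
the first failure; the lockout gate counts only runs that reach it and refuses
the user once more than LOCKOUT_THRESHOLD runs have reached it without a
completed reset in between; a Q&A gate passes only if every answer it asks for
matches the registered profile.
"""
from collections import defaultdict

LOCKOUT_THRESHOLD = 3  # assumed; the real gate's threshold is configurable

# Constructed sample Q&A profiles: user -> {question: registered answer}
PROFILES = {
    "alice": {"q1": "red", "q2": "oslo", "q3": "cat"},
    "bob": {"q1": "blue", "q2": "lima", "q3": "dog"},
    "carol": {"q1": "green", "q2": "quito", "q3": "owl"},
}


class State:
    """Registered profiles plus the lockout gate's bookkeeping."""

    def __init__(self, profiles):
        self.profiles = profiles
        self.attempts = defaultdict(int)  # user -> runs that reached the lockout gate
        self.locked = set()


class QnAGate:
    """Passes only if every question it covers is answered correctly."""

    def __init__(self, questions):
        self.questions = questions

    def check(self, state, user, submission):
        profile = state.profiles[user]
        return all(submission.get(q) == profile[q] for q in self.questions)


class LockoutGate:
    """Counts every run that reaches it; locks the user past the threshold."""

    def check(self, state, user, submission):
        if user in state.locked:
            return False
        state.attempts[user] += 1
        if state.attempts[user] > LOCKOUT_THRESHOLD:
            state.locked.add(user)
            return False
        return True


class Workflow:
    def __init__(self, gates):
        self.gates = gates

    def run(self, state, user, submission):
        """'reset' if all gates pass, 'locked' if the lockout gate refused the
        user, otherwise 'failed' (an earlier gate stopped the run)."""
        for gate in self.gates:
            if not gate.check(state, user, submission):
                return "locked" if isinstance(gate, LockoutGate) else "failed"
        state.attempts[user] = 0  # a completed reset clears the counter
        return "reset"


def recommended_order():
    """Q&A gate, then lockout gate, then a second Q&A gate (the thread's order)."""
    return [QnAGate(["q1"]), LockoutGate(), QnAGate(["q2", "q3"])]


def hammer(wf, state, users, submission, runs=LOCKOUT_THRESHOLD + 1):
    """Attacker submits the same wrong answers `runs` times for each user."""
    for user in users:
        for _ in range(runs):
            wf.run(state, user, submission)
    return sorted(state.locked)


def lockout_before_qna():
    """Lockout gate first: an attacker who knows no answers locks out everyone."""
    state = State(PROFILES)
    wf = Workflow([LockoutGate(), QnAGate(["q1", "q2", "q3"])])
    return hammer(wf, state, PROFILES, {})


def qna_before_lockout():
    """Recommended order: the same attacker never reaches the lockout gate."""
    state = State(PROFILES)
    return hammer(Workflow(recommended_order()), state, PROFILES, {})


def legitimate_reset():
    """A user with the full profile still completes the reset."""
    state = State(PROFILES)
    return Workflow(recommended_order()).run(state, "alice", PROFILES["alice"])


def partial_knowledge_attacker():
    """An attacker holding alice's q1 answer gets LOCKOUT_THRESHOLD guesses at
    the rest before the lockout gate shuts the account: the residual risk the
    thread accepts in exchange for stopping the no-knowledge attacker."""
    state = State(PROFILES)
    wf = Workflow(recommended_order())
    guess = {"q1": "red", "q2": "guess", "q3": "guess"}
    return [wf.run(state, "alice", guess) for _ in range(LOCKOUT_THRESHOLD + 1)]


if __name__ == "__main__":
    print("lockout first, locked users:", lockout_before_qna())
    print("Q&A first, locked users:", qna_before_lockout())
    print("legitimate alice:", legitimate_reset())
    print("partial-knowledge attacker:", partial_knowledge_attacker())
```

The two `hammer` runs are the point of the post: with the lockout gate first, four garbage submissions per user lock every account in the model without the attacker knowing anything; with a Q&A gate in front, the lockout gate is never evaluated for those runs. The trailing Q&A gate is what the lockout gate then protects, which is why an attacker who already has one answer is cut off after the threshold.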

Jeremey,

Thanks, I have added some more context below, but you do raise another point which we are looking at, which is building an alerting capability to add notifications (email) which would inform a user on events such as:
- Q/A profile set / updated
- Account locked/unlocked
- Password reset

Appears as if you have some of that notification built to alert admins at any rate.

Paul
May 1st, 2010 2:14am

There is a workaround: simply type the same password on the FIM password reset screen and the user will be unlocked and will keep his/her old password.
February 3rd, 2011 6:35am
