FIM 2010 Password Reset vs. Domain Password Policy
Do any of you know if there is a way to make the FIM 2010 Password Reset function follow the Domain Password Policy? It seems to be following the Password Complexity rule, but not the rule about Password repetition. I am in all cases able to reset my password to the password I already had. Is this just the way it is "By design" or is there a way to work around it?
September 2nd, 2010 10:46am

Unfortunately, it's "by design". There are 2 interfaces for changing/resetting passwords in AD. One is a Change Password process, which involves using the old password and the new password to change the account password, following the defined Domain Password Policies. The second is a Set Password process, which is an administrative reset that doesn't require the old password, simply resetting the account password to the new password and ignoring most, if not all, Domain Password Policies. This is the same behaviour you will see when performing a Reset Password operation on an account through Active Directory Users and Computers. As you may guess, the FIM 2010 password reset is doing an administrative password reset on the AD account, ignoring a number of the domain password policies, as you've discovered. Currently, there is no work around and MS is aware of this issue.
Marc
Marc Mac Donell, ILM MVP, VP Identity and Access Solutions, Avaleris Inc.
September 2nd, 2010 3:01pm
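The two AD interfaces described in the answer above, shown with the ActiveDirectory PowerShell module. This is an added example, not code from any participant in the thread; the account name and domain controller are constructed lab placeholders, and the audit query assumes "Audit User Account Management" is enabled on the DC.

```powershell
Import-Module ActiveDirectory

# Constructed placeholders (assumptions): a lab test account and a lab DC.
$User = 'testuser1'
$DC   = 'dc01.lab.example'

$old = Read-Host -AsSecureString "Current password for $User"
$new = Read-Host -AsSecureString "New password for $User"

# Change Password path: the old password is supplied, so the DC applies the
# Domain Password Policy, including password history.
Set-ADAccountPassword -Identity $User -Server $DC -OldPassword $old -NewPassword $new

# Set Password path (administrative reset): no old password is supplied.
# Per the thread, history is not checked here, so setting the password the
# account already has ($new again) is accepted.
Set-ADAccountPassword -Identity $User -Server $DC -Reset -NewPassword $new

# Audit which path was used: Security event 4723 is a change attempt,
# 4724 is a reset attempt. Listing both for the last 7 days shows which
# accounts (for example a self-service reset service account) perform resets.
$since  = (Get-Date).AddDays(-7)
$filter = @{ LogName = 'Security'; Id = 4723, 4724; StartTime = $since }

Get-WinEvent -ComputerName $DC -FilterHashtable $filter | ForEach-Object {
    # Pull the named EventData fields out of the event XML.
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($node in $xml.Event.EventData.Data) {
        $data[$node.Name] = $node.'#text'
    }

    $path = 'Change'
    if ($_.Id -eq 4724) { $path = 'Set (reset)' }

    [pscustomobject]@{
        Time   = $_.TimeCreated
        Path   = $path
        Target = $data['TargetUserName']
        By     = $data['SubjectUserName']
    }
} | Sort-Object Time | Format-Table -AutoSize
```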

Thanks Marc. It is just as I figured then. "Currently, there is no work around and MS is aware of this issue." <-- Do you maybe have a link or something that states this?
September 2nd, 2010 3:40pm

I've had some discussions with the product team on this one, and it's also been acknowledged in the Password History not enforced posting, where the history policy is being ignored.
Marc Mac Donell, ILM MVP, VP Identity and Access Solutions, Avaleris Inc.
September 2nd, 2010 8:04pm

btw, we are working on a fix :) it would require patching the DC and FIMSync
September 2nd, 2010 8:23pm

That's good news! :) Is there a timeline for when it would be available?
Marc Mac Donell, ILM MVP, VP Identity and Access Solutions, Avaleris Inc.
September 3rd, 2010 2:02pm

hm... sorry, at this moment, we can't commit to a timeline yet.
The FIM Password Reset Blog http://blogs.technet.com/aho/
September 3rd, 2010 8:49pm

+1 on wanting this. Is there a connect item where we can vote?
David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html
September 4th, 2010 12:49am

I am not sure, but we've already received a number of executive escalations. We just need to do some more final testing after checking in the code. I can't comment on the timeline because the fix depends on a patch for AD. Since that's worked on by another team, I don't know their release channels/timeline. That said, if you contact PSS with reference to IdMT SE 587, they might be able to ping the right person to provide you with more updated info that I don't have.
The FIM Password Reset Blog http://blogs.technet.com/aho/
September 4th, 2010 3:02am

Thanks Anthony!
Marc Mac Donell, ILM MVP, VP Identity and Access Solutions, Avaleris Inc.
September 5th, 2010 5:25am

This topic is archived. No further replies will be accepted.
