Hi all

can a user unlock his AD account from FIM portal.

Hello,

currently not out-of-box, but you can do this by customizing the portal.

MIM vNext will provide Self-Service Account Unlock, you can check the preview on connect for that.

I currently have Account Unlock through helpdesk but it is possible to change this to self service.

You can use the powershell activitiy for that for example:

1. Change RCDC for user UI and add a boolean attribute for account unlock.

2. On change of this attribute trigger a MPR with the PS activity that unlocks the account.

3. Reset the unlock account attribute to normal state (false).

4. create approp. permission MPRs to allow users to change only their own account unlock attribute.

thats it.

-Peter

Thanks peter,

i have another question, i have deployed FIM 2010 R2 SP1, with SSPR when the user try to reset his password he received the below error, 

The password does not comply with your organization password policy

Thanks

Remember that in addition to complexity and pw length, also the min. password age is checked, so if you testing this multiple times a day will not work.

Could it be that ?

-Peter

Thanks peter,

the minimum password age is configured as ( 0 ) and the maximum is 30 and the complexity is disabled where is the issue?

hmm, so in general it works, except for that user.

can the user change the password within the normal Windows GUI dialog using using the same password you use for reset, so that you can check if it is valid ?

Thanks Peter,

the issue was with the user as you mentioned.

Just to amplify on Peter's responses: when you reset the password it does unlock the account. But at present the end-user can't unlock the account without resetting the password. Looking forward to the release of MIM.