Issue with FIM 2010 R2 SP1 SSPR Enforces Password History

Hello All,

We recently just changed our domain password policy to exclude allowing a user to use the last two passwords, however SSPR does not seem to read this value.

I have read the following article https://support.microsoft.com/en-us/kb/2443871?wa=wsignin1.0 and it points to an older version of FIM and a domain controller that is running 2008/r2. In our environment we are running Windows Server 2012 R2 as our domain controllers and FIM 2010 R2 version 4.1.3613.0.

I checked the forum and found the following post https://social.technet.microsoft.com/Forums/en-US/03013ce2-486f-4b39-a1ea-86ef66c7931c/fim-sspr-adma-enforce-password-policy-ad-server-2012?forum=ilm2 however this was posted last year and no resolution was found. I was wondering if any progress has been made on this or if anybody can provide me with any advice.

April 9th, 2015 7:19pm

Since your DC(s) are 2012 R2 no need for the 2008 R2 hotfix. However you do need the following:

1) Your PDC emulator must be set up for LDAP over SSL

2) You must be on the correct version of FIM (build 4.0.3561.2 or later)

3) You must set the registry value ADMAEnforcePasswordPolicy = 1

April 23rd, 2015 8:11pm
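
The three prerequisites from the reply above, as an added PowerShell check that is not part of the original thread. It assumes the ActiveDirectory RSAT module is installed; the registry key path and the installed FIM build are parameters you supply, because the thread gives only the value name and the minimum build.

```powershell
# Added example: verifies the three prerequisites listed in the reply.
# Assumptions (not from the thread): ActiveDirectory module available;
# -RegistryKeyPath and -InstalledFimBuild are supplied by the operator.
param(
    [Parameter(Mandatory)] [string]  $RegistryKeyPath,   # placeholder: key that holds ADMAEnforcePasswordPolicy
    [Parameter(Mandatory)] [version] $InstalledFimBuild  # e.g. 4.1.3613.0, as reported in the question
)

$minimumBuild = [version]'4.0.3561.2'   # minimum build stated in the reply

# 1) LDAP over SSL on the PDC emulator: complete a TLS handshake on port 636.
Import-Module ActiveDirectory
$pdc     = (Get-ADDomain).PDCEmulator
$ldapsOk = $false
$tcp     = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($pdc, 636)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($pdc)   # throws if the DC certificate is missing or not trusted
    $ldapsOk = $ssl.IsAuthenticated
    $ssl.Dispose()
} catch {
    Write-Warning "LDAPS handshake with $pdc failed: $($_.Exception.Message)"
} finally {
    $tcp.Close()
}

# 2) FIM build at or above the stated minimum ([version] compares field by field).
$buildOk = $InstalledFimBuild -ge $minimumBuild

# 3) Registry value present and equal to 1.
$value = (Get-ItemProperty -Path $RegistryKeyPath -Name ADMAEnforcePasswordPolicy `
          -ErrorAction SilentlyContinue).ADMAEnforcePasswordPolicy
$regOk = ($value -eq 1)

[pscustomobject]@{
    PdcEmulator               = $pdc
    LdapOverSslHandshake      = $ldapsOk
    FimBuildMeetsMinimum      = $buildOk
    ADMAEnforcePasswordPolicy = $value
    RegistryValueIsOne        = $regOk
}
```

Run it from the FIM Synchronization Service host so the TLS handshake uses that machine's certificate trust store.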
