Unable to apply AD Password Policy in Self Service Password Reset

  • Question

  • Hi Everyone,

    I have a scenario in FIM where AD has a password policy in which the user's last 5 passwords are remembered in AD, which means that if any user enters the same password or a password which he has entered previously, then that password should not be allowed.

    Now when I am resetting the password from the Self Service Password Reset portal through FIM, if I enter the same password which I used initially, it accepts that password and the password gets changed, which I don't want.

    I want that in SSPR, if any user enters a previous password, then he should not be able to reset the password.

    I have referred to this article: http://support.microsoft.com/kb/2443871

    In it, it was mentioned to configure the registry, whose path is as follows:

    SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters\PerMAInstance\<ma name>

    When I log in to the FIM Sync Server and open the Registry, I can only see SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters. I could not see this "PerMAInstance\<ma name>", so that is why I am not able to set the desired value.

    Request you to please respond.

    Your Response is highly appreciated :)

    Thanks,

    Aman Khanna


    Wednesday, November 19, 2014 6:48 PM

All replies

  • On Wed, 19 Nov 2014 18:48:15 +0000, AmanKhanna wrote:

    When I log in to the FIM Sync Server and open the Registry, I can only see SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters. I could not see this "PerMAInstance\<ma name>", so that is why I am not able to set the desired value.

    You need to create both keys and then the value.

    No offense but you don't seem to know a lot about editing the registry. I'd
    make sure that you have a good, working backup before doing this.


    Paul Adare - FIM CM MVP
    In German "invent-a-new-word-where-a-perfectly-good-one-already-exists"
    is probably a word. -- Peter da Silva

    Wednesday, November 19, 2014 7:05 PM
  • Thanks for the reply. I have made the following changes in the registry, and when it comes to backup, I take it every day.

    Below is the screenshot where I have created the registry. The ADMA Enforepasswordpolicy value is kept as 1.

    From your point of view, does it seem OK, or do I need to change a few things in this?

    Thursday, November 20, 2014 5:29 AM
  • On Thu, 20 Nov 2014 05:29:34 +0000, AmanKhanna wrote:

    Below is the screenshot where I have created the registry. The ADMA Enforepasswordpolicy value is kept as 1.

    From your point of view, does it seem OK, or do I need to change a few things in this?

    The only thing that I would change is to use a capital "I" in the
    PerMAInstance key. Currently you have PerMAinstance. Some registry entries
    are case sensitive, some are not, I like to be on the safe side and just
    assume that they all are.


    Paul Adare - FIM CM MVP
    We're standing there pounding a dead parrot on the counter, and the mgt.
    response is to frantically swap in new counters to see if that fixes the
    problem. -- Peter Gutmann

    Thursday, November 20, 2014 5:40 AM
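
An added example, not part of the original thread or of the KB article: a PowerShell check, run elevated on the FIM Sync server, that walks the key path from the question, warns where a key name differs only in case (as with PerMAinstance above), and with -Create adds whatever is missing. The parameter names, the MA name you pass in, and the value-name spelling ADMAEnforcePasswordPolicy (the thread writes it "ADMA Enforepasswordpolicy") are assumptions; confirm the value name against the KB article before relying on it.

```powershell
# Added example: audit (and optionally create) the per-MA password policy setting.
param(
    [Parameter(Mandatory)][string]$MaName,             # placeholder: name of your AD management agent
    [string]$ValueName = 'ADMAEnforcePasswordPolicy',  # assumed spelling, confirm against the KB article
    [switch]$Create                                    # without this switch the script only reports
)

# Parent key from the thread; it exists on any FIM Sync server.
$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters'
if (-not (Test-Path -LiteralPath $path)) {
    throw "Not found: $path (run this on the FIM Sync server)"
}

# Both PerMAInstance and the <ma name> key below it may be absent and need creating.
foreach ($segment in 'PerMAInstance', $MaName) {
    # Case-insensitive lookup so a near miss such as 'PerMAinstance' is found and reported.
    $existing = Get-ChildItem -LiteralPath $path |
        ForEach-Object PSChildName |
        Where-Object { $_ -ieq $segment } |
        Select-Object -First 1

    if (-not $existing) {
        if (-not $Create) {
            Write-Warning "Missing key '$segment' under $path"
            return
        }
        New-Item -Path $path -Name $segment | Out-Null
        $existing = $segment
    }
    elseif ($existing -cne $segment) {
        Write-Warning "Key is spelled '$existing'; expected '$segment' (differs only in case)"
    }
    $path = Join-Path $path $existing
}

# Read the DWORD; $null means the value has not been created yet.
$current = (Get-ItemProperty -LiteralPath $path -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
if ($null -eq $current -and $Create) {
    New-ItemProperty -LiteralPath $path -Name $ValueName -PropertyType DWord -Value 1 | Out-Null
    $current = 1
}

# Summary object: Enforced is true only when the value is set to 1, as in the thread.
[pscustomobject]@{
    Key      = $path
    Value    = $ValueName
    Data     = $current
    Enforced = ($current -eq 1)
}
```

Export the Parameters key first (for example with `reg export`) so the change can be rolled back, in line with the backup advice given in the first reply.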