Domain password policy not applying when users attempt to reset their password with MIM 2016

  • Question

  • Hi

    I have implemented the Microsoft Identity Manager 2016 Self Service Reset Password in my environment.

    I have a password policy in my domain under which users cannot reuse any of the five passwords in their password history and cannot change their password twice in a day.

    But when users use SSPR, they can change their password several times and they can set any password outside of our policy.

    Does MIM 2016 have any setting that understands the domain password policy and behaves according to our policy?

    Thanks

    Saturday, February 20, 2016 1:42 PM

Answers

  • Hi Jeff,

    Did you need to specify the registry entry on the MA server?

    I don't have the \PerMAInstance\<ma name> in my registry path. Did you just add the key under "Parameters"?

    "HKLM\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters\PerMAInstance\<ma name>"

    regards,

    Mark

    Tuesday, March 29, 2016 5:40 AM
  • Hi Mark,

    You will need to create the PerMAInstance Key and then underneath create a key that is the same name as the MA.  Then under that key, create ADMAEnforcePasswordPolicy as dword with a value of 1.

    Best,

    Jeff Ingalls

    Wednesday, March 30, 2016 8:45 PM
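
The registry steps from Jeff Ingalls's answer above, scripted in PowerShell as an added example (not part of the thread or of the KB article). The function name `Set-ADMAEnforcePasswordPolicy` and the sample MA name in the last comment are assumptions; the key path and value name are the ones quoted in the thread.

```powershell
# Added example: creates PerMAInstance\<ma name> and sets ADMAEnforcePasswordPolicy = 1.
# Run from an elevated session on the machine that holds the
# FIMSynchronizationService registry key quoted in the thread.
function Set-ADMAEnforcePasswordPolicy {
    [CmdletBinding()]
    param(
        # Management agent name; the subkey must have the same name as the MA
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string]$MAName
    )

    $parameters = 'HKLM:\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters'
    if (-not (Test-Path -LiteralPath $parameters)) {
        throw "Registry key not found: $parameters"
    }

    # Create PerMAInstance and the per-MA subkey only when they are missing,
    # so the function can be re-run without disturbing existing values.
    $perMAInstance = Join-Path $parameters 'PerMAInstance'
    $maKey         = Join-Path $perMAInstance $MAName
    foreach ($key in $perMAInstance, $maKey) {
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key | Out-Null
        }
    }

    # DWORD value 1, as given in the answer; -Force overwrites an existing value
    New-ItemProperty -LiteralPath $maKey -Name 'ADMAEnforcePasswordPolicy' `
        -PropertyType DWord -Value 1 -Force | Out-Null

    # Read the value back so the caller can confirm what was written
    $written = (Get-ItemProperty -LiteralPath $maKey `
        -Name 'ADMAEnforcePasswordPolicy').ADMAEnforcePasswordPolicy
    [pscustomobject]@{
        Key                       = $maKey
        ADMAEnforcePasswordPolicy = $written
    }
}

# Usage with a constructed MA name (replace with the real name of your AD MA):
# Set-ADMAEnforcePasswordPolicy -MAName 'Contoso ADMA'
```
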

All replies

  • Check out this KB 2443871. Should apply to MIM as well.
    • Proposed as answer by Varun Kohli Tuesday, February 23, 2016 6:54 AM
    Monday, February 22, 2016 8:37 PM
  • Hi Mohammad,

    I've tested the KB documented procedure under MIM 2016 and it works. Let us know if you have any issues though.

    Best,

    Jeff Ingalls

    Tuesday, February 23, 2016 10:10 PM