TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Microsoft Edge
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Skype for Business
See all products »
Resources
Channel 9 Video
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Windows Update
Trials
Windows Server 2016
System Center 2016
Windows 10 Enterprise
SQL Server 2016
See all trials »
Related Sites
Microsoft Download Center
Microsoft Evaluation Center
Drivers
Windows Sysinternals
TechNet Gallery
Training
Expert-led, virtual classes
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
Microsoft Official Courses On-Demand
Certifications
Certification overview
Special offers
MCSE Cloud Platform and Infrastructure
MCSE: Mobility
MCSE: Data Management and Analytics
MCSE Productivity
Other resources
Microsoft Events
Exam Replay
Born To Learn blog
Find technical communities in your area
Azure training
Official Practice Tests
Support options
For business
For developers
For IT professionals
For technical support
Support offerings
More support
Microsoft Premier Online
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sign in
Home
Library
Wiki
Learn
Gallery
Downloads
Support
Forums
Blogs
Resources For IT Professionals
United States (English)
Россия (Pусский)
中国(简体中文)
Brasil (Português)
Skip to locale bar
Post an article
Translate this page
Powered by
Microsoft® Translator
Wikis - Page Details
First published by
Wim Beck
When:
30 Sep 2015 12:52 PM
Last revision by
Ken Cenerelli
(MVP, Microsoft Community Contributor)
When:
19 Feb 2018 6:31 PM
Revisions:
7
Comments:
4
Options
Subscribe to Article (RSS)
Share this
Engage!
Wiki Ninjas Blog
(
Announcements
)
Wiki Ninjas on Twitter
TechNet Wiki Discussion Forum
Can You Improve This Article?
Positively!
Click Sign In to add the tip, solution, correction or comment that will help other users.
Report inappropriate content using
these instructions
.
Wiki
>
TechNet Articles
>
FIM2010: Localize Self Service Password Reset
FIM2010: Localize Self Service Password Reset
Article
History
FIM2010: Localize Self Service Password Reset
Table of Contents
Intro
SSPR
Localize
PowerShell
References
Originally posted at:
FIM2010: Localize Self Service Password Reset @ IS4U Blog
Intro
If you ever had the pleasure of installing one or multiple language packs in FIM, you know that not everything is covered. The question and answer gate is a good example and is very visible to the end user. This blog post discusses how you can localize such a configuration and shows how it is possible to automate this task using PowerShell.
SSPR
Self-service password resets consists of the following configuration blocks:
A workflow: Password Reset AuthN Workflow
A management policy rule: Anonymous users can reset their password
A set: Password Reset Users Set
The workflow defines which actions are necessary before a user is allowed to reset her password. This can be an otp email, SMS or a question and answer gate. The management policy rule links the users that are allowed to reset their password to the correct authentication workflow. The set is linked to the MPR as the target resource field because the requestor of a password reset authentication workflow is always an anonymous user.
Localize
The language packs that come with FIM do not include localized configuration objects. So, we have to configure these ourselves. Once you know how the mechanism works, it is pretty simple. You duplicate the three configuration items that are required to have a working SSPR configuration for each language you want to support and make sure you define the correct population in the MPR target set. Then you disable the default MPR to avoid confusion. A sample configuration could look like this:
You make sure that the authentication workflow uses the language corresponding to the target population. It is also recommended to configure one of the languages as default for the user accounts that do not have a proper language configured. This can be configured as follows:
As the last step, you need to add these new objects to the
Password Reset Objects Set
. Otherwise, SSPR will not work.
PowerShell
Of course, it is a lot of work to localize SSPR if you have more than two languages. That is why we wrote a PowerShell function to do this for us. It is also very handy to update an existing configuration. So if you want to add or change a secret question, PowerShell is a lot easier and faster than doing this job manually. Sample code can be found at
GitHub
. The module
Is4uFimSspr.psm1
provides following functions:
Enable-Sspr
Disable-Sspr
Install-LocalizedSspr
The first two enable and disable builtin MPR's for SSPR. The last one localizes the default question and answer gate based on information provided in an XML configuration file:
sspr.xml
. The function assumes that the default configuration of
Password Reset AuthN Workflow
is untouched. It copies the XOML field and does a string replace of the questions, constraints and error messages with the values from the configuration file.
References
Deploying FIM SSPR
FIM Powershell module
FIM Automation snapin
IS4U FIM Powershell modules