FIM 2010 Self-Service Password Reset Now Supports All Domain Password Policies


I am excited to announce that FIM 2010 Self-Service Password Reset now supports all domain password policies.  It was a joint effort between the Windows Active Directory and FIM development teams to provide this new functionality.

Details of this change can be found in http://support.microsoft.com/KB/2443871.

Comments (3)

  1. Anonymous says:

    Does anybody have a source for a password filter DLL that meets these requirements?  We've not written one before so this is new ground for us.  We've been using a password generator that complies with these requirements but we'd really like to allow our customers to choose their own password that complies.

  2. Garan says:

    Great, now if we can get the active directory team and the live@edu team to come to a consensus on password complexity then all of my problems will be solved.

    For example,

    Live@edu requires NO spaces in a password

    Windows active directory has no way to enforce this

    Resulting in error messages from FIMSynchronizationService stating that the password doesn't comply.

    Workaround,

    Purchase an extremely expensive third party tool that will give your Active Directory the ability to deny the use of spaces in a password, or write your own password filter DLL for use on all of the DC's in the domain.

  3. pminnis says:

    i Second Garan's comment. This may have been the dumbest single thing i've seen at the enterprise level (except maybe moodle using a person's name as the key field on the record)

Skip to main content