Password reset in Active Directory has historically been done in proxy by helpdesk personnel or user administrators. In this scenario, it is important to buffer those working in proxy from the end user's password history to preserve security.

With the release of Microsoft Forefront Identity Manager (FIM) 2010, Microsoft offers an application that enables end users to reset their passwords without calling the helpdesk. In this scenario, it is important to enforce all password policies so that users cannot use the Self-Service Password Reset (SSPR) functionality in FIM to bypass organizational policies. Until this change, none of the Windows APIs available to reset passwords in the domain enforced all domain password policies.

The changes that are outlined in this document have to be implemented in a test environment before you deploy them to a production environment. Server certificates are required on any domain controller that holds, or may hold, the PDC emulator FSMO role. This change should be discussed with the appropriate IT groups to ensure correct testing and rollout of LDAP SSL in the production environment. If a problem occurs in production where Self-Service Password Reset no longer works after you implement this change, disable the new functionality in the Registry to return FIM to the original SSPR functionality.
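A pre-rollout check for the certificate requirement above, written as an added example that is not part of the original article: it attempts an LDAP SSL handshake against every writable domain controller and reports which ones would fail. It assumes the RSAT ActiveDirectory module, a host that trusts the issuing CA, and a 30-day renewal-warning window; the function name `Test-LdapsEndpoint` is hypothetical.

```powershell
# Added example, not from the original article.
# Assumes: RSAT ActiveDirectory module; run from a domain-joined host that
# trusts the CA that issued the domain controller certificates.
Import-Module ActiveDirectory

function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 636,      # standard LDAP over SSL port
        [int] $WarnDays = 30    # assumed renewal-warning window
    )
    $r = [ordered]@{
        HostName = $HostName; TlsOk = $false; Subject = $null
        NotAfter = $null; ExpiresSoon = $null; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($HostName, $Port)
        # No custom validation callback: the default policy rejects untrusted
        # chains, expired certificates and host name mismatches.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.TlsOk = $true
        $r.Subject = $cert.Subject
        $r.NotAfter = $cert.NotAfter
        $r.ExpiresSoon = $cert.NotAfter -lt (Get-Date).AddDays($WarnDays)
    }
    catch {
        # Connection refused, untrusted chain, name mismatch, expired cert, ...
        $r.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    [pscustomobject]$r
}

# Any writable DC may end up holding the PDC emulator role, so test them all.
$pdc = (Get-ADDomain).PDCEmulator
Get-ADDomainController -Filter * | Where-Object { -not $_.IsReadOnly } |
    ForEach-Object {
        Test-LdapsEndpoint -HostName $_.HostName |
            Add-Member -NotePropertyName IsPdcEmulator -NotePropertyValue ($_.HostName -eq $pdc) -PassThru
    } |
    Format-Table HostName, IsPdcEmulator, TlsOk, NotAfter, ExpiresSoon, Error -AutoSize
```

Any row with `TlsOk` false, or `ExpiresSoon` true on the current PDC emulator, should be resolved in the test environment before the change is enabled in production.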