I'm very happy that the password history feature has been added. I set this up in my dev environment right away. However, I can't get it to work. I set up a new 2008r2 domain controller with the PDC emulator roll, installed the PCNS and all the hot fixs, installed the cert, Checked LDP for the new control and ssl connectivty, set my AD management agent to the 2008R2 server over SSL, Added the new registry key:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FIMSynchronizationService\Parameters\PerMAInstance\Knight ADMA] "ADMAEnforcePasswordPolicyHistory"=dword:00000001, restarted everything, checked the application logs, and still I can self service reset a password to any previous password.
Is there a way to troubleshoot this?
Alex Trusler Systems Engineer