Troubleshooting the password history policy features
I'm very happy that the password history feature has been added. I set this up in my dev environment right away. However, I can't get it to work. I set up a new 2008 R2 domain controller with the PDC emulator role, installed the PCNS and all the hotfixes, installed the cert, checked LDP for the new control and SSL connectivity, set my AD management agent to the 2008 R2 server over SSL, added the new registry key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FIMSynchronizationService\Parameters\PerMAInstance\Knight ADMA] "ADMAEnforcePasswordPolicyHistory"=dword:00000001, restarted everything, checked the application logs, and still I can self-service reset a password to any previous password. Is there a way to troubleshoot this?
Alex Trusler, Systems Engineer
November 3rd, 2010 9:08pm

Hi Alex, my apologies, there is a bug in the document. The registry value name should be "ADMAEnforcePasswordPolicy" and NOT "ADMAEnforcePasswordPolicyHistory". This was a late change in the name and did not make it into the final document. I will comment on the article to put in the correct key value.
Steve Klem
November 3rd, 2010 10:34pm
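
A read-only check for the naming mistake described in the reply above, as an added example that is not part of the original thread or of Microsoft's documentation. It walks every management agent key under `PerMAInstance` and reports whether the value is present under the corrected name, present only under the misnamed one, or absent; the function name and status labels are assumptions made for this example, and "enabled" is taken to mean a DWORD of 1 as set in the question.

```powershell
# Added example: audit FIM Sync per-MA keys for the password policy value.
# Read-only: nothing is written to the registry.
$Base     = 'HKLM:\SYSTEM\CurrentControlSet\services\FIMSynchronizationService\Parameters\PerMAInstance'
$Correct  = 'ADMAEnforcePasswordPolicy'          # name given in the reply
$Misnamed = 'ADMAEnforcePasswordPolicyHistory'   # name from the original document

function Get-MAPasswordPolicyState {             # hypothetical helper name
    param([string]$Path = $Base)

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Key not found: $Path"
        return
    }

    Get-ChildItem -Path $Path | ForEach-Object {
        $key   = $_
        $names = $key.GetValueNames()

        if ($names -contains $Correct) {
            $kind  = $key.GetValueKind($Correct)
            $value = $key.GetValue($Correct)
            if ($kind -ne 'DWord')  { $status = 'WrongType' }   # e.g. created as a string
            elseif ($value -eq 1)   { $status = 'Enabled' }
            else                    { $status = 'Disabled' }
        }
        elseif ($names -contains $Misnamed) {
            $status = 'Misnamed'                                # value is ignored under this name
        }
        else {
            $status = 'NotSet'
        }

        [pscustomobject]@{
            ManagementAgent = $key.PSChildName
            Status          = $status
            AlsoHasMisnamed = ($names -contains $Misnamed)      # leftover worth cleaning up
        }
    }
}

Get-MAPasswordPolicyState | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the synchronization server; a management agent reported as `Misnamed` matches the situation in the question.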

That did it! Thank you.
Alex Trusler, Systems Engineer
November 4th, 2010 10:37am

This topic is archived. No further replies will be accepted.
