CA Identity Manager: Active Directory fine grain password policies

Document ID : KB000116654
Last Modified Date : 01/10/2018
Introduction:
Identity Manager (IM) can be integrated with Active Directory as an endpoint, in which case IM can manage users' passwords. An issue arises for users who are entitled to a fine grain password policy, as in the following use case:

You have users who are entitled to a fine grain password policy (FGP) in Active Directory. There is no password policy in Identity Manager, but the base AD policy requires a 7-character password, while the FGP requires 2 characters.

If you add a user's AD account to the group required to give them the FGP, they still cannot change the global user's password to a 2-character password. The change is rejected with a message that the password does not match the base AD policy of 7 characters, even though the user is actually entitled to the FGP.

When you try to change the password directly in AD, it works as expected and accepts the 2-character password.
Question:
Does CA Identity Manager support fine grain password policies?
Answer:
No, fine grain password policies are not supported in CA Identity Manager. All Active Directory accounts will have their passwords held to the standards of the global AD password policy you have in place.
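
To see which accounts are affected by this mismatch, the following added example (not part of the original CA article or product) lists accounts whose resultant fine grain policy differs from the default domain policy. It assumes the RSAT ActiveDirectory module and read access to password settings objects; `Compare-PasswordPolicy` is a hypothetical helper and the search base is a placeholder.

```powershell
# Added example: report AD accounts whose resultant fine grain policy (PSO)
# differs from the default domain policy that Identity Manager applies.
# Requires the ActiveDirectory (RSAT) module and permission to read PSOs.
Import-Module ActiveDirectory

# Hypothetical helper: put the two policies side by side for one account.
function Compare-PasswordPolicy {
    param(
        [Parameter(Mandatory)] $DomainPolicy,    # from Get-ADDefaultDomainPasswordPolicy
        [Parameter(Mandatory)] $UserPolicy,      # from Get-ADUserResultantPasswordPolicy
        [Parameter(Mandatory)] [string] $Account
    )
    [pscustomobject]@{
        Account          = $Account
        PSO              = $UserPolicy.Name
        DomainMinLength  = $DomainPolicy.MinPasswordLength
        PsoMinLength     = $UserPolicy.MinPasswordLength
        # Negative: the PSO allows shorter passwords than the domain policy
        # (the case described in this article). Positive: the PSO is stricter.
        LengthDelta      = $UserPolicy.MinPasswordLength - $DomainPolicy.MinPasswordLength
        DomainComplexity = $DomainPolicy.ComplexityEnabled
        PsoComplexity    = $UserPolicy.ComplexityEnabled
    }
}

# Placeholder search base: replace with the OU that holds the managed accounts.
$searchBase   = 'OU=Managed,DC=example,DC=com'
$domainPolicy = Get-ADDefaultDomainPasswordPolicy

Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $searchBase |
    ForEach-Object {
        # Returns nothing when no PSO applies, i.e. the domain policy is in effect.
        $pso = Get-ADUserResultantPasswordPolicy -Identity $_
        if ($pso) {
            Compare-PasswordPolicy -DomainPolicy $domainPolicy `
                                   -UserPolicy $pso `
                                   -Account $_.SamAccountName
        }
    } |
    Where-Object { $_.LengthDelta -ne 0 -or $_.DomainComplexity -ne $_.PsoComplexity } |
    Sort-Object LengthDelta |
    Format-Table -AutoSize
```

Accounts that appear in the output have a PSO whose length or complexity setting differs from the global policy, so password changes made through Identity Manager and directly in AD can be judged against different rules.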