We have password policies set up to prevent users from reusing the last several passwords and to prevent them from changing their password more than once in a 24-hour period. We currently give users the ability to reset their direct reports' passwords using the Password Reset function in Adaxes. However, we noticed that when a manager resets the password for an account they manage, they are able to reset the password to the current password and they are able to reset the password multiple times in one day, bypassing some of the password policies that are normally enforced. The password complexity requirements are still enforced, but the password reuse and time limit are not enforced.
When a user signs in and clicks the Change Password button for their account, all of the policies appear to be enforced. This issue seems limited to resetting the password for another account.
Is this a known issue, and do you know of any way to fully enforce all of the password policies for password resets?