Do we understand correctly that you need to disallow using specific passwords? If that is correct, you can use a Business Rule triggering Before resetting password of a user. The rule will validate the entered password against predefined values and cancel the password reset if there is a match found. The Business Rule will be effective only for users located in the containers/OUs specified in the Activity Scope. If this approach meets your needs, please, provide us with all the possible details regarding the desired validation and we will get back to you with detailed instructions.
If this is not what you meant, please, provide us with all the possible details regarding the desired behavior.