We are using 8.1.1.p5 with the gateway-based (not connector-based) AD adapter.
Today, when you reset a password, the domain account used in the gateway overrides the password policy and lets you set any password.
Is there a way to implement the AD (or other resource) password policy when resetting passwords from IdM?
I.e., basically we don't want the user to be able to reuse the N latest passwords.
You are correct. This will not work if the password is changed in AD. If the password policy is set in AD to not take n passwords, then it will give an exception in IDM when you try to give the same password again.
Another alternative is to check the exception that is coming and check if it is for password in history, then you can ask the user to set the password again.
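
One way to implement the exception check suggested in the reply above, as an added example that is not part of the original thread or of IdM itself. It assumes the gateway's failure text reaches your code as a string and carries the Windows error code; the function names and sample strings are constructed for illustration.

```python
import re

# Windows error codes (low 16 bits) meaning "new password rejected by domain policy".
# Neither code says which rule failed: both cover length, complexity AND history,
# so the prompt shown to the user has to mention all three.
POLICY_CODES = {
    0x052D: "ERROR_PASSWORD_RESTRICTION",
    0x08C5: "NERR_PasswordTooShort",
}
WRONG_OLD_PASSWORD = 0x0056  # ERROR_INVALID_PASSWORD

# Matches HRESULTs such as 0x8007052D and the 8-digit prefix of AD LDAP
# diagnostics such as "0000052D: SvcErr: ...".
_CODE_RE = re.compile(r"\b(?:0x)?([0-9A-Fa-f]{8})\b")


def extract_codes(error_text):
    """Return the Win32 error codes found in an exception message."""
    codes = set()
    for match in _CODE_RE.finditer(error_text):
        value = int(match.group(1), 16)
        facility = (value >> 16) & 0x1FFF
        # Keep plain Win32 codes and FACILITY_WIN32 (7) HRESULTs only; this
        # skips unrelated hex runs such as the DSID in an LDAP diagnostic.
        if value >> 16 == 0 or facility == 7:
            codes.add(value & 0xFFFF)
    return codes


def classify_reset_failure(error_text):
    """Map a failure message to (action, user_message).

    The raw text belongs in the audit log only; the user sees the generic
    message so directory internals are not disclosed.
    """
    codes = extract_codes(error_text)
    if codes.intersection(POLICY_CODES):
        return ("reprompt_new_password",
                "The new password does not meet the domain's length, "
                "complexity or history requirements. Choose a different one.")
    if WRONG_OLD_PASSWORD in codes:
        return ("reprompt_old_password", "The current password is incorrect.")
    return ("fail", "The password could not be changed. Contact the help desk.")


# Constructed sample messages, not captured from a real gateway.
SAMPLE_HRESULT = "Error changing password: 0x800708C5"
SAMPLE_LDAP = "0000052D: SvcErr: DSID-031A1234, problem 5003 (WILL_NOT_PERFORM), data 0"
SAMPLE_OTHER = "Error changing password: 0x80070005 access denied"
```

This only helps on the paths where AD actually evaluates the policy and returns an error; as the question notes, a reset that bypasses the policy produces no exception to classify.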