Just in case anyone else experiences the same problem.

We resolved an issue at a client yesterday where some password change
events from AD were discarded and never sent to the engine.

The resolution was to update to AD 3.5.14 Patch 8 and IDM 3.6.1 Remote
Loader patch 3

The environment was previously running IDM 3.6.1 Active Directory Driver
Patch 4 and IDM 3.6.1 Remote Loader patch 2. The domain controller was
Windows 2008r2

A powershell script was used to mass set pre-determined passwords on
approx 2000 AD users that had been provisioned previously by IDM.

A level 5 trace on the remote loader side showed the password change was
sucessfully retrieved from the registry for an associated user and then
removed from the registry but a modify-password event was never
generated or sent to the engine.

This was performed several times and each time a percentage (10-20%) of
modify-password events failed to be generated.

After applying the patches 100% of the password changes were published
to the engine.

Reading through the bugs fixed in both AD 3.5.14 Patch 8 and IDM 3.6.1
Remote Loader patch 3 I cannot see any mention of this type of bug.