I had recently upgraded a test lab from eDir 902 to 903 and IDM 4.6 and
I noticed that a policy that worked before doing a GEnerate Password
noun token, is now throwing an NMAS 9699.

This comes up in the KB as an older eDir issue, since this token calls
an eDir API that generates the password. So it is eDir not the engine
per se.

This TID should be updated to 1) link to the docs, if they explain what
specific to ignore) 2) List the aspects specifically that must be removed.

Anyway, the change in eDir was to include Unique passwords, and exclude
attributes which can never work on a non-existant (yet) user.

So the solution was create a standalone password policy that does not
require unique passwords (Or imply any kind of history lookup) or any
attrs of your user to exclude. Then use that as the random password
template and assign the real policy to their container.

I knew all that, so I defined a proper policy when I started and it
worked for a while.

Now I am getting the error again. This lab is going away so I do not
want to troubleshoot long. But has anyone else seen this one?

I.e. Is it a bug come back, is it the loose nut behind the keyboard? Or
something obvous I forgot?

(Now I want to go check in my book and make sure I mentioned this issue,
but I am pretty sure I did, but first I have to find the time to update
my Validator book for 1.5).