Not sure if this is AD specific or not.

I am in a situation where some users in AD does not have synchronized their password correctly. It was caused by password policy in AD, that did not allow users password to be set (WILL_NOT_PERFORM). As a result, the DirXML-PasswordSyncStatus ends with "0" status (ERROR). Now the password policy was fixed and I need to resync user passwords (IDM->AD). The problem is, when I trigger "migrate" in iManager IDM plugins, the <sync> runs correctly, but the password is not in the operation at all.

I also tried trigger sync with console2, same thing. When I change users password in IDM, it is properly synchronized into AD. The password sync is one-directional (IDM->AD - subscriber channel).


Would anyone please come up with some suggestions how to achieve password resync? Thank you.