The IDM AD driver requires a filter DLL to be installed on all DCs for password synchronization. Unfortunately, it seems as though the IDM 3.5 setup does not always update a previously installed version of pwfilter.dll (and associated files) properly.
The INF installer can be used to update those files so they will be used after the next reboot.
Note: This requires the IDM 3.5 AD driver.
To download the INF installer, visit:
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.