Passwords are not synchronized from Active Directory to the Identity Vault if the Active Directory driver runs as a service account instead of as a Domain Administrator. The driver reports error 5 (PassSyncCache::StorePwdInfo() returned 0x00000005).
The Remote Loader trace at level 5 shows the following error:
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] PassSyncCache::StorePwdInfo()
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - open the cache.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - acquire the mutex.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - mutex acquired.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - enumindex 0.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - create the entry MC8314.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - an error occurred ... delete this entry.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - release the mutex.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - mutex released.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - close the cache
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] PassSyncCache::StorePwdInfo() returned 0x00000005
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD] PassSyncPassword() returned 0x00000005
To work around this issue, grant the Active Directory service account read, write, delete, and inheritance rights on the HKEY_LOCAL_MACHINE\SOFTWARE\Novell\PassSync\Data registry key on the Remote Loader. This allows the Remote Loader to read the password changes from the HKLM\SOFTWARE\Novell\PwFilter\Data\<Username> key for each user who has changed their password.
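The workaround above as a PowerShell script, added here as an example and not taken from the vendor's documentation: it grants exactly the read, write, and delete rights with inheritance to subkeys, rather than full control, and then prints the resulting entry for review. Return code 0x00000005 is the Win32 access-denied code, which is why a registry permission change applies. The account name EXAMPLE\svc-addriver is a placeholder, and the script assumes it is run from an elevated session on the Remote Loader host.

```powershell
# Added example: apply the registry ACL named in the workaround.
param(
    # Placeholder account (assumption); pass the driver's real service account.
    [string]$Account = 'EXAMPLE\svc-addriver',
    # Key named in the workaround text.
    [string]$KeyPath = 'HKLM:\SOFTWARE\Novell\PassSync\Data'
)

if (-not (Test-Path -LiteralPath $KeyPath)) {
    throw "Registry key not found: $KeyPath"
}

# Read, write and delete only: no FullControl, ChangePermissions or TakeOwnership.
$rights = [System.Security.AccessControl.RegistryRights]'ReadKey, WriteKey, Delete'

# ContainerInherit makes per-user subkeys inherit the entry.
$inherit   = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$allow     = [System.Security.AccessControl.AccessControlType]::Allow

$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $Account, $rights, $inherit, $propagate, $allow)

# Add the entry to the existing ACL instead of replacing the ACL.
$acl = Get-Acl -LiteralPath $KeyPath
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $KeyPath -AclObject $acl

# Show what the account now holds on the key so the change can be reviewed.
(Get-Acl -LiteralPath $KeyPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $Account } |
    Format-List IdentityReference, RegistryRights, InheritanceFlags, AccessControlType
```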