Password changes that occur through the Identity Manager Administration Console are propagated to all Identity Manager-managed resources, except Directory Server. Once a password change is detected on Active Directory, Identity Synchronization for Windows synchronizes it with Directory Server.
User creation originating from the Identity Manager Administration Console is propagated to all Identity Manager-managed resources, including both Directory Server and Active Directory Domains. New users will have to be linked by Identity Synchronization for Windows. For details, see Configuring pwsync to Not Propagate Passwords to Directory Server and Handling Identity Manager-Provisioned Users