You must ensure that Identity Manager does not propagate user password changes to Directory Server, but only to Active Directory. You must also ensure that Identity Managerrelies on Identity Synchronization for Windows to propagate the password changes to Directory Server.
To prevent a resource from being displayed in the table of resources where password changes occur, add the following form property to any form that is used for changing a user's password.
<Properties\> <Property name='Exclude'\> <list\> /<new class='com.waveset.object.AttributeCondition'\> <s\>id</s\> <s\>equals</s\> <s\>#ID#50D9481DC6C43026:3BB34:FFB73A9286:-7FC0</s\> </new\>/ </list\> </Property\> </Properties\>
The resource can be excluded by id (as shown in the form), by name (a string), or by type (also a string). The forms to which this property must be included are as follows:
Change My Password Form
Change Password Form
Expired Login Form
Tabbed User Form
If some of these forms already include the form property, only the new attribute condition needs to be added (from the XML fragment in this procedure).
In multiple attribute condition scenarios, the forms are and'ed together (they cannot be or'ed). For example, if the Change My Password Form and Change Password Form already include an attribute condition to exclude disabled resources, and the id condition is added, a resource will only be excluded if it meets both conditions, that is, it is disabled and has the ID you entered.