The Windows NT Connector detects user entry and password changes by examining the Security log for audit events about user objects.
To synchronize with Windows NT SAM Registries (see Windows NT Connector and Subcomponents) you must install the Windows NT Connector in the Primary Domain Controller (PDC). In addition, the installer installs the two NT Connector subcomponents (the Change Detector and the Password Filter DLL) along with the Connector in the PDC of the NT Domain. A single NT Connector synchronizes users and passwords for a single NT Domain.
If you have a Windows NT machine in your deployment, auditing must be enabled or Identity Synchronization for Windows cannot read log messages from that machine. To verify whether audit logging is enabled on your Windows NT machine, see Enabling Auditing on a Windows NT Machine
For a description of the Change Detector and the Password Filter DLL subcomponents, review Windows NT Connector Subcomponents