If you are planning to propagate password changes from Directory Server to Windows Active Directory servers you must configure each Active Directory server to use SSL and install the high-encryption pack.
The Identity Synchronization for Windows Active Directory Connector installer can automatically set-up SSL in the Active Directory Connector if you enable LDAP over SSL in Active Directory by automatically obtaining a certificate from a Microsoft Certificate Services Enterprise Root certificate authority as described in:
http://support.microsoft.com/default.aspx?scid=kb;en-us;q247078
However, LDAP over SSL can more easily be configured as described in this MSDN tech note:
http://support.microsoft.com/default.aspx?scid=kb;en-us;321051
In this case, if you decided to require trusted certificates for SSL communication, you must manually install the certificate in the Connector’s certificate database as described in Enabling SSL in the Active Directory Connector.