Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide

Configuring pwsync to Not Propagate Passwords to Directory Server

The passwordSyncExcludeList System Configuration attribute lists resources that should not be updated when the Active Directory pwsync Plugin detects a password change. In an Identity Manager-Identity Synchronization for Windows environment, this attribute should include Directory Servers that are being synchronized, to prevent unwanted interaction between Identity Manager and Identity Synchronization for Windows. This attribute can be added to the system configuration object by going to the /debug page (for example, http://applicationserverhost:port/idm/debug), listing objects of type Configuration, and editing the System Configuration to include the following

<Attribute name='passwordSyncExcludeList' value='Directory Server Resource'/\>

where Directory Server Resource is the name of the resource to be excluded during a pwsync password change. (If there is more than one resource to exclude, use a comma-separated list.)