Identity Synchronization for Windows should be configured as described in Chapter 3, Case Study: Deploying in a High-Availability Environment Over a WAN Using SSL, and should not be configured for user creation or any other attribute synchronization.
User creation is not the responsibility of Identity Synchronization for Windows in this deployment. Therefore, new users that are added to Directory Server using Identity Manager are not linked to the corresponding entries in Active Directory domains, or vice versa. To establish this link for new users, an administrator must periodically run idsync resync so that password changes for the new entries are synchronized.
The frequency with which this operation is executed is the administrator’s decision. The periodic automated execution is performed using a scheduled UNIX cron job. For details, see Periodic idsync resync Operation for Primary Installation.