In my last posts I discussed regarding NIS and LDAP implantation using new RFC 2307 compliant schema on Windows environment. An important aspect of using these much depends on unixUserAttribute. If you want the Active directory users to change their Windows password and at the same time this attributes to be updated we need to ensure couples of pre-conditions are fulfilled.
Install Password sync component on All Domain Controllers. (BTW, you need schema administrator privilege to perform this installation).
The default encryption key is changed for password synchronization
The user has a NON NULL value in msSFU30NISDOmain attribute
Under “Windows to NIS (AD) Password Sync” “Enable Windows to NIS (AD) Password Sync check box is selected.