Environment
NetIQ Identity Manager 4.5.x
NetIQ Identity Manager Driver - Active Directory
NetIQ Identity Manager Driver - Google Apps
NetIQ Identity Manager Driver - Active Directory
NetIQ Identity Manager Driver - Google Apps
Situation
The Active Directory password that is captured by pwfilter.dll (Active Directory Driver Password filter) during a password change event for a user comes over blank if Google Apps Password Sync 1.5.22.0 is installed Customer had old version which worked with pwfilter.dll Previous version was: 1.3.2080.1248 Newly installed version: 1.5.22.0 Stopping the Google Apps Password Sync did not solve the problem.
Resolution
Remove the Google Apps Password Sync components and reboot the DC to get the pwfilter to start capturing non-blank passwords.
Another potential resolution is to downgrade the Google APps Password Sync components to a previous version (1.4 or older).
Micro Focus Engineering is looking into the issue.
Additional Information
Trace Snipit showing the blank password.
-----------------
[09/01/16 12:04:13.258]:Active Directory PT:
<nds dtdversion="2.2">
<source>
<product build="20150311_120000" instance="\TEST_TREE\TEST\DriverSet\Active Directory" version="4.0.2.0">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify-password class-name="user" event-id="Active Directory##156e67e514a##1" password-admin-reset="true" src-dn="CN=User One,CN=Users,DC=novell,DC=test,DC=com">
<association>8d52d7e70b0a134ba9332da215caa6d9</association>
<password/>
</modify-password>
</input>
</nds>
------------------
Note the blank password <password/>
It should be: <password><!-- content suppressed --></password>
-----------------
[09/01/16 12:04:13.258]:Active Directory PT:
<nds dtdversion="2.2">
<source>
<product build="20150311_120000" instance="\TEST_TREE\TEST\DriverSet\Active Directory" version="4.0.2.0">AD</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify-password class-name="user" event-id="Active Directory##156e67e514a##1" password-admin-reset="true" src-dn="CN=User One,CN=Users,DC=novell,DC=test,DC=com">
<association>8d52d7e70b0a134ba9332da215caa6d9</association>
<password/>
</modify-password>
</input>
</nds>
------------------
Note the blank password <password/>
It should be: <password><!-- content suppressed --></password>