Environment
Identity Manager 4.7
Identity Manager 4.5
Situation
Customer has two IDM environments where passwords are synced from a single Active Directory Domain.
Both IDM instances were IDM version 4.5.
After upgrading one environment to IDM 4.7, including the Remote Loader and password filter, AD password sync worked to the IDM 4.7 instance but no longer worked to the IDM 4.5 instance. The following error was seen in the IDM 4.5 Remote Loader AD driver trace:
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD] PwdCrypt::DecryptObjectPassword() obtained handle successfully
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD] PwdCrypt::DecryptObjectPassword() returned 0x8009000A
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] GetPasswordInformation() - close the cache entry.
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] PassSyncCache::GetPasswordInformation() returned 0x8009000A
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] PassSyncCache::FreeSyncData()
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] PassSyncCache::FreeSyncData() returned.
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] GetPwdInfo() - an error occurred ... freeing the allocated memory.
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD] PwdCrypt::DecryptObjectPassword() returned 0x8009000A
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] GetPasswordInformation() - close the cache entry.
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] PassSyncCache::GetPasswordInformation() returned 0x8009000A
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] PassSyncCache::FreeSyncData()
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] PassSyncCache::FreeSyncData() returned.
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] GetPwdInfo() - an error occurred ... freeing the allocated memory.
The Remote Loader and the pwfilter used by the IDM 4.5 instance were upgraded to IDM 4.7 but the problem persisted.
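To check whether a Remote Loader trace shows this same signature, the following added example (not part of the original article or the product) scans trace lines for password-decrypt calls that return a failure code. The function names are hypothetical, and the sample input is copied from the trace above.

```python
import re
from collections import Counter

# 0x8009000A is NTE_BAD_TYPE ("Invalid type specified") in Windows winerror.h.
KNOWN_CODES = {0x8009000A: "NTE_BAD_TYPE"}

# Line layout taken from the trace in this article; the thread id is optional.
RETURN_RE = re.compile(
    r"^DirXML: \[(?P<ts>[^\]]+)\]: ADDriver: \[PWD(?: (?P<tid>\d+))?\] "
    r"(?P<func>[\w:]+)\(\) returned (?P<code>0x[0-9A-Fa-f]+)\s*$"
)

def failed_returns(lines):
    """Yield (timestamp, function, code) for each call that returned a failure HRESULT."""
    for line in lines:
        m = RETURN_RE.match(line.strip())
        if not m:
            continue  # not a "returned 0x..." line
        code = int(m.group("code"), 16)
        if code & 0x80000000:  # HRESULT severity bit set means failure
            yield m.group("ts"), m.group("func"), code

def decrypt_failures(lines):
    """Count password-decrypt failures per return code (the signature of this issue)."""
    counts = Counter()
    for _ts, func, code in failed_returns(lines):
        if func.endswith("DecryptObjectPassword"):
            counts[code] += 1
    return counts

# Sample input: lines copied from the trace shown in this article.
SAMPLE = """\
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD] PwdCrypt::DecryptObjectPassword() obtained handle successfully
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD] PwdCrypt::DecryptObjectPassword() returned 0x8009000A
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] GetPasswordInformation() - close the cache entry.
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] PassSyncCache::GetPasswordInformation() returned 0x8009000A
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] PassSyncCache::FreeSyncData()
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] PassSyncCache::FreeSyncData() returned.
DirXML: [06/04/20 14:02:56.36]: ADDriver: [PWD 4664] GetPwdInfo() - an error occurred ... freeing the allocated memory.
""".splitlines()

if __name__ == "__main__":
    for code, n in decrypt_failures(SAMPLE).items():
        name = KNOWN_CODES.get(code, "unknown")
        print(f"DecryptObjectPassword failed {n}x with 0x{code:08X} ({name})")
```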
Resolution
The pwfilter used by IDM AD password sync is somewhat tied to the AD driver version.
In this case, the IDM 4.5 Remote Loader had previously been upgraded from IDM 4.02, but the AD driver had never been upgraded from version 4.0.0.0.
The current version of the AD driver for IDM 4.5 is version 4.0.3.
Applying the patch to the IDM 4.5 Remote Loader resolved the problem.
Cause
pwFilter and AD Driver version compatibility.