I need to stop password sync from Active Directory to edir.
I found the way to stop bi-directional on IDM201 Administration Guide
p.187 Password sync settings.

iManager - password management - password synchronization - I unchecked :
DirXML accepts passwords (Publisher Channel), Use Distribution Password
for password synchronization, Accept password only if it complies...
(turned to grey).

stop/start drivers.

Question one :
Tested seems everythings fine until I found out when I changed the user's
password on ConsoleOne, the password expired date changed to immediate
expired.

Question two :
Do I have to edit User Class to ignore on Publish ? (in order to stop
sync from AD to edir)

Question three :
How to set or check if users' distribution password is set or not ?

Scenario 4 - tunneling - sync connected system but not edir with
Distribution Password (Administration guide p.201)
univ pw is not sync with distribution password, how is the distribution
password set up for the users initially before sync to AD ?

Question four :
If I only have AD driver, do I have to ignore public and private key
attributes in the driver filter for nspmDistributionPassword attribute ?
Where I can set this ? I don't have edir driver ?

Question five :
during create AD driver, one of the option I chose BI-DIRECTIONAL, where
I can change this ? Would this stop sync from AD to edir if I just change
this option ?

Any advise would be very much appreciated.