One of the guys here pulled a really dumb move last night...he wrote a
script to change AD passwords and accidentally set all 7000+ of them to
the same test password. DOH!!

Since there are still valid passwords in our SLES8, eDir based
Identity Vault (IDM2) the question is there an easy way to force eDir
passwords to re-sync to AD? We are using the standard AD driver
configured for one-way password sync from eDir to AD.

We handled the problem this time by expiring everyone's NDS login password
and forcing them to change it and then re-sync to AD. However, if a
similar problem happens again it would be nice to know if there is a
better way. Thanks,