IDM 3.51 patched, eDir 882 FT2, on SLES 10.

In the AD driver, when I see a user get re-enabled, I call generate
password pointing at the password policy, and I am getting an NMAS 1633
error when it is called. Trace is not so meaningful, but here it is:

07/17/09 13:39:27.614]:ADDriver ST: Action:
do-set-local-variable("new-password",scope="policy",token-generate-password(policy-dn="
..\..\..\..\..\..\Security\Password Policies\UPPolicy")).
[07/17/09 13:39:27.620]:ADDriver ST:
arg-string(token-generate-password(policy-dn="..\..\..\..\..\..\Security\Password
Policies\UP
Policy"))
[07/17/09 13:39:27.621]:ADDriver ST:
token-generate-password(policy-dn="..\..\..\..\..\..\Security\Password
Policies\UPPolicy")
[07/17/09 13:39:27.640]:ADDriver ST:Processing returned document.
[07/17/09 13:39:27.640]:ADDriver ST:Processing operation <status> for