We have a central Active Directory..

The AD team have been kind enough to allow us to install Remote Loaders
for our IDM Vault.. (IDM 3.6.1)

Now if a password change comes from AD and the account is not
associated, the operation is vetoed, it does not make it to the matching

If however the operation is any like a modify then the operation gets to
the matching rule and a match is either found or not..

Obviously once the match has been made the association is then created.

Is there an easy way to allow an unassociated object to find a matching
object and then associate itself so the password can be changed?

Have I missed something simple here? (Sorry I haven't done much with
IDM for a while as the other drivers just sit here and run :-)