Identity Manager can be integrated with Active Directory as an endpoint, and when this happens IM can manage the user's passwords. You'll see an issue with users who are entitled to a fine grain password policy such as the following use case:
You have users who are entitled to a fine grain password policy (FGP) in Active Directory. There is no password policy in Identity Manager but the base AD policy requires a 7 character password, while the FGP requires 2 characters.
If you provide a user's AD account with the group required to give them the FGP, they still cannot change the global user's password to a 2 character password. It returns saying that it does not match the base AD policy of 7 characters, even though the user is actually entitled to FGPs.
When you try to change the password on AD it works as expected and accepts their 2 character password.
Does CA Identity Manager support fine grain password policies?
Release: 14.x
Component: IDMGR