Is there any way to generate a password under CA PAM and then replicate it to the Active Directory (with a Domain Administrator account)?

I am implementing PAM with Active Directory.

PAM 3.x and AD

Once you have synchronized an Active Directory account with PAM, you can ask PAM to generate a password and update the Active Directory account.

The Active Directory connector, Windows Proxy connector, and Windows Remote connector all manage Windows accounts. Use the Active Directory connector to update the passwords of Active Directory accounts. This connector uses the LDAPS interface to Active Directory to update account passwords. If the connector communicates with a deployed Windows Proxy or a Windows Remote connector, you can use this connector to update Windows services and scheduled tasks.

The Active Directory target connector performs the following activities:
•Verifies and synchronizes the password against an Active Directory database.
•Queries one or more DNS servers to find domain controllers (optional).
•Uses LDAPS to connect to the domain controller.
•If you use a domain account for a service or for a scheduled task, one or more Windows Proxies update the credentials and restart services.

See also: Add an Active Directory Target Connector.