How to change AD (Active Directory) service account password properly



Article ID: 244699


Products

CA Identity Manager

Issue/Introduction

An Active Directory (AD) endpoint has been acquired and is working properly. The AD service account used in the endpoint configuration needs its password changed. What is the correct procedure for changing the AD service account password?

If the AD service account password is changed on the AD side before it is updated in the AD endpoint configuration on the Identity Manager side, the following symptoms occur:
    1. The AD service account gets locked out on the AD side, most likely due to failed authentication attempts from the CCS (C++ Connector)
    2. Explore and Correlate fails due to wrong credentials

Environment

Release : 14.4

Component : IdentityMinder(Identity Manager)

Cause

The Provisioning Server sees the AD endpoint as offline once the AD service account password is changed on the AD side before it is updated in the AD endpoint configuration.

Resolution

Use the following procedure, in this order, to change the AD endpoint user's password:
     1. Launch Provisioning Manager and log in as etaadmin
     2. Find the Active Directory endpoint item and open its configuration
     3. Select the "ADS Server" tab, click [Update] to the right of the User ID field, and enter the new password
     4. Log in to the AD endpoint Windows server and change the service account's password to the same new password
     5. Immediately restart the JCS/CCS Windows services

The same procedure can be followed in the IM User Console. Make sure the CCS Connector Server is running when using the IM User Console, and restart the Connector Server service after step 4.

Problems arise if the steps are not done in this order, i.e. if the new password is set on the service account on the AD endpoint Windows server before it is set in the AD endpoint configuration on the Identity Manager side. In that case the Provisioning Server sees the AD endpoint as offline and communication from the Connector Server (C++ Connector) ceases.

If you end up in this 'offline' endpoint situation, use the following procedure to recover:

  1. Stop ALL connector servers that manage the AD endpoint in question
  2. Change the AD user's password and ensure the AD user is not locked out
  3. Connect to the Provisioning Directory (IMPD, i.e. port tcp/20391; bind account: eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb; bind password: the Provisioning Directory Shared Secret) using a third-party LDAP browser such as JXplorer, and change the service account password in the AD endpoint object manually.

     That is, set the new password as the value of the "eTADSAuthPWD" attribute under
       dc = etadb
         + dc = im
           + eTNamespaceName = ActiveDirectory
              + eTADSDirectoryName = <Active Directory endpoint name>

  4. Start all connector servers
  5. Set the password again from the IM User Console or Provisioning Manager to replace the clear-text value with the encrypted value.
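The manual edit in step 3 above can also be scripted instead of done in an LDAP browser. The following is an added example, not CA/Broadcom code: it builds the LDIF modify record for the endpoint object's eTADSAuthPWD attribute and applies it with OpenLDAP's ldapmodify (assumed to be installed; the article itself suggests JXplorer). The port, bind DN and the DN layout of the endpoint object come from the article; the IMPD host name and the endpoint name are placeholders. The DN builder escapes the endpoint name per RFC 4514 (names containing commas or leading/trailing spaces would otherwise produce an invalid DN), and the value is base64-encoded when LDIF (RFC 2849) requires it. Note that this writes the password in clear text, which is exactly why step 5 (re-setting it from the IM User Console or Provisioning Manager) must follow.

```python
"""Set eTADSAuthPWD on an AD endpoint object in the Provisioning Directory (IMPD).

Added example for the recovery procedure; not CA/Broadcom code. Assumes the
OpenLDAP client tool `ldapmodify` is installed. Host name is a placeholder.
"""
import base64
import subprocess
import tempfile

IMPD_PORT = 20391  # from the article: IMPD listens on tcp/20391
IMPD_BIND_DN = "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb"
ENDPOINT_BASE = "eTNamespaceName=ActiveDirectory,dc=im,dc=etadb"  # dc=etadb > dc=im > namespace


def escape_rdn_value(value: str) -> str:
    """Escape an RDN attribute value per RFC 4514 (special characters, leading '#',
    leading/trailing space) so the endpoint name always forms a valid DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def endpoint_dn(endpoint_name: str) -> str:
    """DN of the AD endpoint object: eTADSDirectoryName=<name> under the AD namespace."""
    return f"eTADSDirectoryName={escape_rdn_value(endpoint_name)},{ENDPOINT_BASE}"


def ldif_value(attr: str, value: str) -> str:
    """Render 'attr: value', or 'attr:: <base64>' when RFC 2849 requires it: value
    starts with space, ':' or '<', contains CR/LF/NUL or non-ASCII, or (conservatively,
    since some tools strip it) ends with a space."""
    needs_b64 = (
        value[:1] in (" ", ":", "<")
        or value.endswith(" ")
        or any(ord(c) > 127 or c in "\r\n\0" for c in value)
    )
    if needs_b64:
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return f"{attr}:: {encoded}"
    return f"{attr}: {value}"


def build_modify_ldif(endpoint_name: str, new_password: str) -> str:
    """LDIF changetype:modify record replacing eTADSAuthPWD on the endpoint object."""
    return "\n".join([
        f"dn: {endpoint_dn(endpoint_name)}",
        "changetype: modify",
        "replace: eTADSAuthPWD",
        ldif_value("eTADSAuthPWD", new_password),
        "-",
        "",
    ])


def apply_with_ldapmodify(ldif: str, impd_host: str, shared_secret: str) -> int:
    """Apply the LDIF with ldapmodify, simple bind as the DSAs container account.
    The shared secret is passed via a 0600 temp file (-y) rather than on the command
    line, so it does not show up in the process list. Returns the exit code."""
    with tempfile.NamedTemporaryFile("w", suffix=".ldif", delete=False) as ldif_file:
        ldif_file.write(ldif)
    with tempfile.NamedTemporaryFile("w", delete=False) as pw_file:
        pw_file.write(shared_secret)
    cmd = [
        "ldapmodify", "-x",
        "-H", f"ldap://{impd_host}:{IMPD_PORT}",
        "-D", IMPD_BIND_DN,
        "-y", pw_file.name,
        "-f", ldif_file.name,
    ]
    return subprocess.run(cmd, check=False).returncode


if __name__ == "__main__":
    # Placeholder values; run only while ALL connector servers are stopped (step 1).
    record = build_modify_ldif("<Active Directory endpoint name>", "<new AD password>")
    print(record)
    # apply_with_ldapmodify(record, "impd.example.invalid", "<Provisioning Directory Shared Secret>")
```

Run it after step 2 with the connector servers still stopped, then continue with steps 4 and 5; the final re-set from the IM User Console or Provisioning Manager replaces the clear-text value this script writes with the encrypted one.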