This is a walk through of the configuration changes necessary to prevent users from changing their Active Directory passwords when your Provisioning Server is unreachable. By default, if the Provisioning Server is unavailable, users will still be allowed to change their passwords.
1. On the system that has Password Sync Agent installed, go to the following path: C:\Program Files\CA\eTrust Admin Password Sync Agent\data
*Please note that this is the default installation path.
2. Open the file eta_pwdsync.conf using an editor program such as notepad.
3. Search for the following text: out_of_sync
4. Ensure that the out_of_sync variable is set to no. The line in the file should look like this: out_of_sync=no
Please note that this needs to be done for every domain controller on your network.