You may encounter a slow password re-set or password re-set failure if multiple passwords are being re-set in fast succession. This is because by default, the Provisioning Server sets a ten minute wait value between password synchronizations.

Example:

• Help desk personnel resets a users password within Identity Manager.
• The "Password Must Change" checkbox is checked.
• The user logs into Active Directory via his workstation with a new temporary password and also gets the message to change his password.
• The user enters a new password but the change fails.
• The password synchronization log records an error message: Password check for Active Directory Account 'test, user' on 'AD-Test' failed: Another password change is in progress.
• User waits ten minutes and repeats the steps, this time successfully.

The default ten minute wait value can be adjusted through the Provisioning Manager.

In the Provisioning Manager select Domains, Configuration/Password Synchronization/Agent Response Threshold.
There you will see the 600 seconds(10 mins) defined.
Edit this value down to 300 seconds and re-test.

Note:
The Password Sync Speed is also based on your Network and Hardware performance.
There is a risk of password changes stepping on each other if this value is set to low. Especially when you have multiple endpoints involved. If your Network and Hardware are fast, lowering this value should not pose too much of a problem. However, you would need to test and monitor this to ensure that the modification is not causing any residual issues.