When a user is forced to change  his password. He is redirected to the change password page. Once submit old/new password we are getting the following errors in the policy server traces:

[03/14/2017][14:37:18.115][14:37:18][2284][2984][plugin_AD.cpp:451][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Ldap-00880] (SetUserProp) DN: 'xxyyzz', PropName: 'unicodePwd', PropValue: '****' . Status: Error 19 . Constraint Violation][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

Enhanced AD integration is enabled, which means that the AD password policy was being applied to the user. There was no password policy defined for the User Directory in Siteminder.

In AD Policy, the minimum password age was set to 1 day which, in this case  did not permit the password change as the password was not older than 1 day.

You have to modify AD password policy as per your needs as product is working as designed and trust AD to manage password change (Enhanced AD integration is enabled)

If there are other constaints on the AD policy you may have the same error message and users will not be able to change their password.