For the driver to set a password in Active Directory (Subscriber channel), it must have a secure connection provided by one of the following conditions:
The machine running the driver is the same machine as the domain controller.
The machine running the driver is in the same domain as the domain controller.
The machine not in the domain requires the Simple method and SSL set up between it and the domain controller. Bidirectional password synchronization is available only when using the Negotiate authentication mechanism.
Refer to Microsoft documentation for instructions, such as Enabling Secure Sockets Layer for SharePoint Portal Server 2003.
In addition, the driver must have SSL enabled or have signing and sealing enabled. Enabling SSL or signing and sealing is done in the driver parameters. For more information, see Section A.1.5, Driver Parameters.