We are using FIM 2010 R2 to provision accounts to two different Active Directory domains. We use codeless provisioning.
Users may start with an account in domain A or B only, and later on they get an account in the other AD domain.
So if a user is created in domain A first and later on they are provisioned to B, PCNS is picking up the initial password for the newly created domain B account and then users are getting their existing passwords overwritten if they have other accounts linked in FIM.
Besides adding sync rules to add a new account to a group recognized by PCNS for exclusion, is there another solution to prevent newly created AD accounts from triggering password changes?
Thanks.