Verify the configuration of the Password Check profile and the Account Management Settings.
If the Account is set to "None", then the Management tab should be greyed out and all password check and change profiles will be ignored. No action should be performed on the Account when it is set to None.
If Password Management is enabled on the Account, then you will need to verify what profiles have been assigned to confirm the expected behavior.
If you are using the default "Check and Reset" profile, or if you are using a custom one that is set to force reset a password after a mismatch is discovered, this could cause the password to be reset, despite automatic password management being disabled.
The workflow goes like this:
- Managed Account is added to TPAM and assigned Check and Change profiles.
- When the next time window for a Check occurs, a Check is performed and since the new Account password is blank, a mismatch is reported.
- The mismatch triggers a forced reset of this Account in order to sync the password with the target system.
To prevent this from happening, set the Account to "None", or change the condition in the Check profile to "Do Nothing" on password mismatch