If a password test fails, TPAM will initiate a password reset. In the case where the account being changed is NOT the functional account, TPAM has to check to see if the managed account is a valid administrator before attempting a password reset. If the managed account is then TPAM will first attempt to change the password using the old password, as the managed account. If unsuccessful, then the managed account is recreated on the managed system with the new password.
When the managed account's password needs to be changed:
1. The functional account connects to the managed system to verify that the managed account has the ability to change its own password.
2. Then the managed account connects to the managed system and changes its own password.