The MIM Service account is the account that calls the MIM Synchronization service and tells it to reset the password in AD. For the MIM Service account to be able to do that, we need to assign it some permissions with the following steps:
We need to add the account to a couple of groups created during installation of the MIM Synchronization service.
Add the MIM Service account to the MIMSyncBrowse group, as shown in the following screenshot:
To be allowed to initiate a password reset, we also need to add the MIM Service account to MIMSyncPasswordSet, as shown in the following screenshot:
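The same two group additions can be scripted and then verified. The following is an added example, not part of the original text: the account name `CONTOSO\svc-mimservice` is a placeholder, and the `-GroupScope` switch is an assumption that covers the groups having been created either as local groups on the synchronization server or as domain groups.

```powershell
# Added example, not from the original text.
param(
    [string]$ServiceAccount = 'CONTOSO\svc-mimservice',  # placeholder: your MIM Service account
    [ValidateSet('Local', 'Domain')]
    [string]$GroupScope = 'Local'                        # where the sync groups were created
)

$ErrorActionPreference = 'Stop'                          # stop if a group does not exist
$groups = 'MIMSyncBrowse', 'MIMSyncPasswordSet'          # the two groups named in the steps
$sam    = ($ServiceAccount -split '\\')[-1]              # account name without the domain part

foreach ($group in $groups) {
    if ($GroupScope -eq 'Local') {
        # Run elevated on the MIM Synchronization server itself.
        $present = Get-LocalGroupMember -Group $group |
            Where-Object { $_.Name -eq $ServiceAccount }
        if (-not $present) {
            Add-LocalGroupMember -Group $group -Member $ServiceAccount
        }
        $members = @((Get-LocalGroupMember -Group $group).Name)
        $needle  = $ServiceAccount
    }
    else {
        # Requires the ActiveDirectory module (RSAT).
        $present = Get-ADGroupMember -Identity $group |
            Where-Object { $_.SamAccountName -eq $sam }
        if (-not $present) {
            Add-ADGroupMember -Identity $group -Members $sam
        }
        $members = @((Get-ADGroupMember -Identity $group).SamAccountName)
        $needle  = $sam
    }

    # Report the result and everyone else who holds the same right,
    # so unexpected members of MIMSyncPasswordSet are visible.
    [pscustomobject]@{
        Group           = $group
        AccountIsMember = $members -contains $needle
        Members         = $members -join ', '
    }
}
```

A new group membership only appears in the account's access token at its next logon, so restart the MIM Service after running this.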
The call from MIM Service to the MIM Synchronization service to do a password reset is made using...