If we could sync passwords created with SFU on AD, we might be able to solve the initial password population problem - from a user: "If you think you might be able to get the unix crypted passwords via msSFU (Microsoft Services for Unix), and populate FDS, you would be right, unless you are also wanting to synchronize those passwords. I tried it and blew out the password for every user on our domain, and had to recover from tape. The crypt is one-way, so once it is in FDS, you can successfully authenticate, but it looks like junk to the password sync code, and it ends up syncing junk to AD, which in turn, syncs junk back to FDS. Bad bad bad. "
This is not possible. We are investigating other ways to sync passwords with AD.