A colleague, an IT pro, recently asked for a guided lab setup of AD forest-to-forest password sync:
Implementing the Automated Password Synchronization Solution – Step-by-Step
The following document provides detailed steps to set up a test environment with ILM/IIFP:
Synchronizing Passwords from an Authoritative Active Directory Forest to a Receiving Active Directory Forest.doc
For a higher-level overview:
Automated Password Synchronization Solution Guide for MIIS 2003
But keep in mind that password sync is one-way. Synchronising passwords in two directions could end up in an endless loop.
"Bi-Directional Password Synchronization and an Infinite Loop
Bi-directional password synchronization occurs when more than one Active Directory forest is the authoritative source for automated password synchronization. MIIS 2003 does not support bi-directional password synchronization. Bi-directional password synchronization causes an infinite loop to occur. If your environment has multiple Active Directory forests, you must set one forest as the authoritative forest for automated password synchronization. Otherwise, an infinite loop occurs.
An example of an infinite loop is when Forest A receives a password change request, and then sends a password change notification to Forest B. Forest B interprets this as a change request, and then sends the request back to Forest A. Each time the notification is sent, the receiving forest interprets it as a change request, and then sends a new notification to the other forest, thus causing an infinite loop.
If bi-directional password synchronization is inadvertently set up, MIIS 2003 limits the number of password changes in 24 hours to prevent excessive password changes. If this scenario occurs, you lose any password changes that occur after this limit is reached."
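The loop described in the quoted guide can be caught before deployment by checking the planned sync topology for cycles. The following is an added example, not code from MIIS/ILM or from the quoted guide: a simplified model that detects a loop in a forest-to-forest routing map and simulates one password change with a daily limit. The forest names, the `routes` structure and the `DAILY_CAP` value are assumptions for illustration; the guide does not state the actual limit.

```python
from collections import deque

# Assumed value for illustration; the quoted guide gives no number for the limit.
DAILY_CAP = 10

def find_loop(routes):
    """Return a list of forests forming a sync loop, or None if routes are one-way."""
    state = {}  # forest -> "visiting" or "done"

    def visit(forest, path):
        state[forest] = "visiting"
        for target in routes.get(forest, []):
            if state.get(target) == "visiting":
                return path[path.index(target):] + [target]
            if target not in state:
                loop = visit(target, path + [target])
                if loop:
                    return loop
        state[forest] = "done"
        return None

    for forest in list(routes):
        if forest not in state:
            loop = visit(forest, [forest])
            if loop:
                return loop
    return None

def simulate(routes, origin, cap=DAILY_CAP):
    """Propagate one password change from origin.
    Returns (password_sets_applied, cap_reached)."""
    applied = 0
    pending = deque([origin])  # forests that just saw a change request
    while pending:
        forest = pending.popleft()
        for target in routes.get(forest, []):
            if applied >= cap:
                return applied, True   # changes after the limit are lost
            applied += 1
            pending.append(target)     # target treats it as a new request
    return applied, False

# Constructed topologies: forest -> forests it pushes password changes to.
ONE_WAY = {"ForestA": ["ForestB"]}
BIDIRECTIONAL = {"ForestA": ["ForestB"], "ForestB": ["ForestA"]}

if __name__ == "__main__":
    for name, routes in (("one-way", ONE_WAY), ("bi-directional", BIDIRECTIONAL)):
        print(name, find_loop(routes), simulate(routes, "ForestA"))
```

With a single authoritative forest the change is applied once and propagation stops; with two authoritative forests the same change bounces until the limit is reached.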