It is not listed in the documentation as a requirement, but does vIDM need a secure LDAP connection with the domain if you want to allow password change through vIDM? If I read this, it should:
https://technet.microsoft.com/en-us/library/cc514301.aspx
Sven Huisman
VMware vExpert 2009-2016
Twitter: @svenh
blog: svenhuisman.com
