You may find this of value.
While having several discussions over the years, regarding IM's AD reverse password sync process; and how/when passwords are changed; I would outline the processes on whiteboards and/or via email.
I put together the two (2) decks to clarify the password data flow; and how to "force the solution" to "fail", where "fail" is to help identify when the solution's architecture should be adjusted to horizontally scale to millions of users.
Please forward comments if you have questions or find this of value.
Edit: 2018/07/27 Update PDF for Lifecycle of userPassword of CA Identity Manager solution.