If your considering using the PwdSync plug-in to sync passwords from AD into TIM there are a few things you need to consider. For one thing this is an all of nothing option. All accounts that ITIM manages will be included when you use the AD Password Sync plug-in. So it is important that there are no systems being managed by ITIM which more restrictive password policies than your AD password policy. Otherwise users in AD will set their password to something that passes the AD checks and fails when ITIM tries to sync that password to other systems. The problem is that the user will not know about the failure which will cause more help desk calls.
Also, an important point is that SSL is required for this to work. You will need to export a cert from your TIM server and import it into the PwdSync plug-in. My downloads page contains a detailed document that I typed up with screen shots explaining a but more about these issues that I found not very clear in the install guide. Feel free to check it out. Hopefully it will help to save someone some time.