Struggling with existing passwords for new IDM installation

I am having an issue understanding how to introduce an IDM 7.2 system into an existing ABAP only environment, I have been through the base steps for configuring multiple ABAP repositories for all the different systems/clients in my landscape, but when I do the initial load from the systems to get all of this data into the IDM system, my users get resent back out to the target systems. In most cases, this is a good thing, however, the password that is being distributed is the new password in the IDM system, so current users will not know their password when they try to login. I am trying to roll this out with minimal disruption to the current user community.

What I'd like is that if they already have a password in that system, for that password to stay the same until their 90 day expiration comes due. Once that expiration happens (in the production ECC system), I want to be able for them to change their password at login and have that password redistributed to all the child systems (BW production, test, etc.). I am using the standard 7.2 provisioning environment and am only concerned with ABAP systems at this point (no active directory or java integration). Is this achievable with the standard framework? If so, are their any guidelines or documentation that someone can help me out with?