User passwords are stored in the unicodePwd property. Due to security reasons, Active Directory doesn't allow reading this property (that's why value reference %unicodePwd% will always be replaced with an empty string).
There are two ways on how you can solve this problem.
Method 1: Temporarily store user passwords in an intermediate property, use a value reference to this property in the notification text, and then clear this property.
1. Choose any unused property of AD user objects (e.g. Notes). Configure Property Patterns to generate a value for this property using template %unicodePwd%.
2. In the e-mail notification text use value reference to this property (e.g. Password: %info%).
3. Configure the Business Rule to clear the value of the property right after e-mail notification is sent. (Add Update the User action, click Add, select the Notes property, and click Remove property)
Method 2: Send e-mail notifications using a script.
1. Add 'Run a program or PowerShell script' action to your Business Rule.
2. Select PowerShell script in the Type combo box.
3. Use the following script to send e-mail notifications:
$emailTo = "to@company.com";
$emailFrom = "noreplay@company.com"
$subject = "Subject"
$body = "User Full Name: %username%
UserID: %uid%
TempPWD: {0}."
$smtpServer = "smtp.company.com"
if ($Context.IsPasswordChanged())
{
$newPassword = $Context.GetNewPassword();
$body = [System.String]::Format($body, $newPassword)
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$smtp.Send($emailFrom, $emailTo, $subject, $body)
}