Before you can develop an effective deployment, you must understand how Identity Synchronization for Windows components are organized and how the product operates. This section is organized as follows:
When you understand the basic concepts described in this section and in the Deployment Scenario example (on Deployment Example: A Two-Machine Configuration), you should be able to extrapolate the information to create deployment strategies for more complex, sophisticated scenarios (such as mixed Active Directory and Windows NT environments or multi-server environments).
Install all Core components only once in any of the supported operating system’s directory servers. Identity Synchronization for Windows installs Administration Server on your machine if it is not already installed. Install Message Queue 3.6 Enterprise Edition on the same machine where you are planning to instal Core.
You can install Directory Server Connectors on any of the supported operating systems. You are not required to install a Directory Server Connector on the same machine where the Directory Server being synchronized is running. However, there must be one Directory Server Connector installed for each configured Directory Server source.
A single Directory Server Connector is installed for each Directory Server source. However, Directory server Plug-ins should be configured for each master, hub, and consumer replica to be synchronized.
You can install Active Directory Connectors on any of the supported operating systems. You are not required to install an Active Directory Connector in the Windows environment; however, there must be one Active Directory Connector installed per Active Directory domain.
To synchronize with Windows NT SAM Registries you must install the Windows NT Connector in the Primary Domain Controller (PDC). In addition, the installation program installs the two NT Connector subcomponents (the Change Detector and the Password Filter DLL) along with the Connector in the PDC of the NT Domain. A single NT Connector synchronizes users and passwords for a single NT Domain.