This section lists product limitations. Limitations are not always associated with a change request number.
On Linux, before installing Identity Synchronization for Windows, make sure that the sun-sasl-2.19-4.i386.rpm package is installed on your system. Otherwise the Identity Synchronization for Windows installation would fail. You can get the SASL package from the shared components of the JES 5 distribution or later.
Changes to file permissions for installed Directory Server Enterprise Edition product files can in some cases prevent the software from operating properly.
To workaround this limitation, install products as a user having appropriate user and group permissions.
If you loose the system where Identity Synchronization for Windows core services are installed, you need to install it again. There is no failover for the Identity Synchronization for Windows core service.
Take a backup of ou=services (configuration branch of Identity Synchronization for Windows DIT) in LDIF format and use this information while reinstalling Identity Synchronization for Windows.
When you install Windows 2003 SP1, by default users are allowed one hour to access their accounts using their old passwords.
As a result, when users change their passwords on Active Directory, the on-demand sync attribute dspswvalidate is set to true, and the old password can be used to authenticate against Directory Server. The password synchronized on Directory Server is then the prior, old password, rather than the current Active Directory password.
See the Microsoft Windows support documentation for details on how to turn off this functionality.
To successfully uninstall Administration Server, remove /etc/mps/admin/v5.2/shared/config/serverroot.conf before you remove the Administration Server package.