Overview

Overview illustrates the following three important components of the Identity Manager and Identity Synchronization for Windows cohabitation deployment:

• Active Directory Domains

• Separate Directory Server deployment

• Any other Identity Manager-managed resource, which does not include the previous two, for example, Oracle RDBMS

The Identity Manager Console handles resource administration such as system-wide password changes and users creation. All password changes between Directory Servers and Active Directory Domains are synchronized using Identity Synchronization for Windows. Password changes that occur within an Active Directory Domain are synchronized to Directory Server using Identity Synchronization for Windows, and synchronized to all other Identity Manager resources using pwsync (an Identity Manager DLL installed on the Primary Domain Controllers of Windows systems). All password changes originating from the Identity Manager Administrator Console are subsequently propagated to all Identity Manager resources, except the Sun Java System Directory Server. All user creations originating from the Identity Manager Console are reflected to all resources, including Directory Servers. For details, seeConfiguring pwsync to Not Propagate Passwords to Directory Server

Figure B–1 Password Synchronization and User Creation in an Identity Manager-Identity Synchronization for Windows Environment