|Skip Navigation Links|
|Exit Print View|
|Oracle Identity Synchronization for Windows 6.0 Deployment Planning Guide|
Identity Synchronization for Windows is a background system that with one exception is not user-facing. Therefore, if it is temporarily unavailable, for example, due to routine hardware maintenance, then most users will be unaffected. Once the system is restored, Identity Synchronization for Windows will synchronize all changes that were made while it was unavailable. The user-facing aspect is the on-demand password synchronization performed from the Directory Server Plugin to Active Directory. If on-demand password synchronization fails, then the user will not be able to log into Directory Server. Therefore, Identity Synchronization for Windows provides more availability options for this area. The Directory Server Plugin can be configured to authenticate to any Active Directory domain controller, so even if all but one Active Directory domain controller is down, on-demand password synchronization will still succeed.
Note - The Directory Server Plugins receive their configuration from the Directory Server Connector over an encrypted channel. This configuration, which includes the location of the Active Directory domain controllers and credentials, is cached in memory by the plugin, so even if the Directory Server Connector is unavailable, it will still be able to connect to Active Directory. However, if Directory Server is restarted, then the plugin's cached configuration is lost, and on-demand synchronization at that Directory Server will fail until the Directory Server Connector is available.
Depending on the size of the deployment, the failover procedure might take anywhere from minutes to over an hour to perform. Therefore, the failover procedure should not be undertaken if the Identity Synchronization for Windows outage is expected to be short and temporary, for example, during the system restart of the Identity Synchronization for Windows Core machine. Failover is recommended only in situations where Identity Synchronization for Windows must be completely re-installed or a complete idsync resync operation must be run over a large population.
Any machine where the Identity Synchronization for Windows Core or a Connector run has a hardware failure.
The configuration directory that stores the Identity Synchronization for Windows configuration is corrupt.
The Active Directory domain controller that the Active Directory Connector communicates with experiences a hardware fault and must be rebuilt.
The preferred Directory Server master is corrupted and must be initialized from another master.