JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide
search filter icon
search icon

Document Information

Preface

Part I Installing Identity Synchronization for Windows

1.  Understanding the Product

Product Features

System Components

Watchdog Process

Core

Configuration Directory

Console

Command-Line Utilities

System Manager

Central Logger

Connectors

Connector Subcomponents

Directory Server Plug-In

Windows NT Connector Subcomponents

Message Queue

System Components Distribution

Core

Directory Server Connector and Plug-in

Active Directory Connector

Windows NT Connector and Subcomponents

How Identity Synchronization for Windows Detects Changes in Directory Sources

How Directory Server Connectors Detect Changes

How Active Directory Connectors Detect Changes

How Windows NT Connectors Detect Changes

Propagating Password Updates

Using the Password Filter DLL to Obtain Clear-Text Passwords

Using On-Demand Password Synchronization to Obtain Clear-Text Passwords

Reliable Synchronization

Deployment Example: A Two-Machine Configuration

Physical Deployment

Component Distribution

2.  Preparing for Installation

3.  Installing Core

4.  Configuring Core Resources

5.  Installing Connectors

6.  Synchronizing Existing Users and User Groups

7.  Removing the Software

8.  Configuring Security

9.  Understanding Audit and Error Files

Part II Identity Synchronization for Windows Appendixes

A.  Using the Identity Synchronization for Windows Command Line Utilities

B.  Identity Synchronization for Windows LinkUsers XML Document Sample

C.  Running Identity Synchronization for Windows Services as Non-Root on Solaris

D.  Defining and Configuring Synchronization User Lists for Identity Synchronization for Windows

E.  Identity Synchronization for Windows Installation Notes for Replicated Environments

Index

System Components Distribution

Before you can develop an effective deployment, you must understand how Identity Synchronization for Windows components are organized and how the product operates. This section discuss the following:

Core


Note - Install Sun Java System Message Queue 3.6 Enterprise Edition on the same machine where you are planning to instal Core.


Install all Core components only once in any of the supported operating system’s directory servers. Identity Synchronization for Windows installs Administration Server on your machine if it is not already installed.

Directory Server Connector and Plug-in

You can install Directory Server Connectors on any of the supported operating systems. You are not required to install a Directory Server Connector on the same machine where the Directory Server that is being synchronized is running. However, one Directory Server Connector must be installed for each configured Directory Server source.

You must configure the Directory Server Plug-in on every host where a Directory Server that is to be synchronized resides.


Note - A single Directory Server Connector is installed for each Directory Server source. However, Directory Server Plug-ins should be configured for each master, hub, and consumer replica to be synchronized.


Active Directory Connector

You can install Active Directory Connectors on any of the supported operating systems. You are not required to install an Active Directory Connector on a machine running Windows. However, one Active Directory Connector must be installed for each Active Directory domain. See the following figure for a sample distribution of components.

Figure 1-2 Directory Server and Active Directory Component Distribution

image:Block diagram showing Active Directory components.

Windows NT Connector and Subcomponents

To synchronize with Windows NT SAM Registries, you must install the Windows NT Connector in the Primary Domain Controller (PDC). The installation program also installs the two NT Connector subcomponents, the Change Detector and the Password Filter DLL, along with the Connector in the PDC of the NT domain. A single NT Connector synchronizes users and passwords for a single NT domain. See the following figure for a sample distribution of components.

Figure 1-3 Directory Server and Windows NT Component Distribution

image:Block diagram showing Windows NT Connectors and subcomponents.