Planning the Integration with Microsoft Active Directory
To successfully set up the integration of Oracle Identity Management with Microsoft Active Directory, do the following:
- Determine the kind of synchronization required. You base this determination on:
  - Whether Oracle Internet Directory or Microsoft Active Directory is to be the source of truth for user and group information
  - Whether one-way or two-way synchronization is required
  - Whether single or multiple Microsoft Active Directory domains are to be integrated
  - In case of multiple domains, whether the Global Catalog is configured in the Microsoft Active Directory environment
- Determine whether the Active Directory external authentication plug-in is required. If it is, then follow the steps in "Configuring The Active Directory External Authentication Plug-in".
- If you are synchronizing from Microsoft Active Directory to Oracle Internet Directory, and need to track changes in Microsoft Active Directory, then determine the tracking approach by using Table 43-2. The synchronization scenarios described later in "Configuring the Active Directory Connector" are based on the USNChanged approach. To use the DirSync approach instead, the synchronization scenarios require a minor change that is documented in the scenarios.
- If the synchronization scenarios described in section "Configuring the Active Directory Connector" do not meet your requirements, then see "Customizing the Active Directory Connector".
Once you are ready for synchronization, but before you start it, decide whether you need an initial migration of data from Microsoft Active Directory to Oracle Internet Directory or from Oracle Internet Directory to Microsoft Active Directory. If you do, then follow the steps in "Migrating Data Between Directories".