What's New in Oracle Identity Manager Connector for Microsoft Active Directory Password Synchronization?

This chapter provides an overview of the updates made to the software and documentation of the Microsoft Active Directory Password Synchronization connector in release 9.1.1.5.

The updates discussed in this chapter are divided into the following categories:

  • Software Updates

    This section describes updates made to the connector software. This section also points out the sections of this guide that have been changed in response to each software update.

  • Documentation-Specific Updates

    This section describes major changes made to this guide. For example, the relocation of a section from the second chapter to the third chapter is a documentation-specific update. These changes are not related to software updates.

Software Updates

The following sections discuss software updates:

Software Updates in Release 9.1.1.5

The following are software updates in release 9.1.1.5:

Support for New Version of the Connector

From this release onward, version 9.1.1.5.16 of the connector is available for deployment. Be sure to download and apply mandatory patch 28353217 from https://support.oracle.com and to follow the readme instructions for proper deployment of this version of the connector.

Support for New Oracle Identity Manager Release

From this release onward, the connector can be installed and used on a target system that can access a running instance of Oracle Identity Manager 11g release 1 (11.1.1). Where applicable, instructions specific to this Oracle Identity Manager release have been added in the guide.

See Certified Components for more information.

Software Updates in Release 9.1.1.4

The following are software updates in release 9.1.1.4:

Support for Customizing the Location of OU

From this release onward, you can customize the location of the OU (Persistent Store), but only while installing the connector. You can now create it under a different OU. However, once the OU is created, you cannot change its location.

See Installing the Connector for more information about Persistent Store.

Resolved Issues

The following are issues resolved in release 9.1.1.4:

Bug Number: 9110130

Issue: The connector did not allow the time delay to be set to less than one minute. If the connector was installed on two Domain Controllers, and the password change operations were initiated on both within one minute, then the order in which the password reset operations were processed was incorrect.

Resolution: This issue has now been resolved. The password change operations are now carried out in the correct sequence.

Software Updates in Release 9.1.1

The following are software updates in release 9.1.1:

Architecture of the Connector Has Been Modified

The architecture of the password synchronization connector has been completely modified. Major changes made in the new, fault-tolerant architecture of the connector are discussed in the subsequent sections.

No Dependency on the Microsoft Active Directory User Management Connector

In earlier releases, you had to install the Microsoft Active Directory User Management connector before you could start using the password synchronization connector. From this release onward, the password synchronization connector does not use any component of the user management connector. At the same time, password propagation from Microsoft Active Directory to Oracle Identity Manager can be configured to complement the features offered by the user management connector.

Support for Password Propagation through SPML Web Service

In earlier releases, the connector used the Oracle Identity Manager APIs for password propagation from Active Directory to Oracle Identity Manager. From this release onward, the connector uses the SPML Web service for password propagation to Oracle Identity Manager.

Support for Storing Configuration Parameters in the Registry

The connector stores all of its configuration parameters in the Microsoft Windows Registry. This enables you to change the configuration parameters without reinstalling the connector. This feature also replaces the xlconfig.xml file that was used to store configuration parameters in earlier releases.

See "Reconfiguring the Connector" for more information.

Support for Retrying Password Propagation when Oracle Identity Manager is not Available

In earlier releases, if Oracle Identity Manager was not available, then the connector did not retry propagating the password to Oracle Identity Manager. From this release onward, the connector retries password propagation if Oracle Identity Manager is not available.

See "Connector Architecture" for more information.

No Requirement for Creating an Attribute in Microsoft Active Directory to Track Password Changes

In earlier releases, the connector required an attribute to be created in Microsoft Active Directory to act as a flag for tracking password changes initiated by Oracle Identity Manager. From this release onward, this attribute is not required.

No Requirement for Reinstalling the Connector if the Account Used by the Connector for Logging in to Oracle Identity Manager is Changed

In earlier releases, if you had changed the password of the account that the connector used to log in to Oracle Identity Manager during a password synchronization operation, then you had to reinstall the connector with the changed password. From this release onward, you can reconfigure the connector whenever you change the login credentials of the account that the connector uses for logging in to Oracle Identity Manager during a password synchronization operation. This eliminates the need for reinstalling the connector.

See "Reconfiguring the Connector" for more information.

Resolved Issues

The following are issues resolved in release 9.1.1:

Bug Number: 7276037

Issue: The IT resource name in the adsynch.log file was not localized.

Resolution: This issue does not apply to this release of the connector. In this release, the IT resource name is not recorded in the log file.

Bug Numbers: 7272742 and 7293723

Issue: After you installed the connector, logging was automatically enabled. You could not disable it. In addition, you could not specify or change the log level.

Resolution: This issue has now been resolved. You can now enable and disable logging for the password synchronization connector. See "Enabling and Disabling Logging" for more information.

Additions to the List of Known Issues

In Known Issues and Workarounds, the following item has been added:

Bug 8361237

Information about events that occur during connector installation is recorded in the oimpwdsync.log file, which is located in the %TEMP% directory.

The oimpwdsync.log file is not deleted when you reinstall or reconfigure the password synchronization connector.

Software Updates in Release 9.1.0.1

The following is a software update in release 9.1.0.1:

Single Installer for Both 32-Bit and 64-Bit Microsoft Windows

A single installer has been developed for Microsoft Active Directory running on 32-bit and 64-bit Microsoft Windows. Corresponding changes have been made in this release of the guide.

Software Updates in Release 9.1.0

The following are software updates in release 9.1.0:

Support for 32-Bit and 64-Bit Microsoft Windows

The password synchronization connector has separate installers for Microsoft Active Directory running on 32-bit and 64-bit Microsoft Windows.

Oracle Identity Manager Flag Field for Tracking Password Changes Is Automatically Created

An Oracle Identity Manager flag field is used to track password changes propagated by the connector. In earlier releases, you had to manually create this field in Oracle Identity Manager. From this release onward, the field is automatically created in Oracle Identity Manager when you install the Microsoft Active Directory User Management connector.

Support for Signature-Based Authentication

The password synchronization connector supports signature-based authentication. This is an alternative to password-based authentication for connecting to Oracle Identity Manager during password synchronization operations.

Information specific to signature-based authentication has been provided at various places in this guide.

Documentation-Specific Updates

The following sections discuss documentation-specific updates:

Documentation-Specific Updates in Release 9.1.1.5

The following is a documentation-specific update in revision "25" of this guide:

A note in the section "Configuring the IT Resource for the Target System and Specifying a Value for the Allow Password Provisioning Parameter" has been updated.

The following is a documentation-specific update in revision "24" of this guide:

The "Target system" row of Table 1-2 has been updated to include support for Microsoft Active Directory 2008 R2.

The following is a documentation-specific update in revision "23" of this guide:

"Microsoft Active Directory Password Synchronization Connector Creates a Dummy User During Installation" has been added.

The following are documentation-specific updates in revision "22" of this guide:

  • The "Target system" row of Table 1-2 has been updated to include support for Microsoft Active Directory 2019. In addition, information about the minimum supported connector patch version has been added.

  • The "Other software" row of Table 1-2 has been updated.

  • Information about installing the connector manually has been added as a note in Installation.

  • Minor updates to the document structure have been made for better readability.

The following are documentation-specific updates in revision "21" of this guide:

The following are documentation-specific updates in revision "20" of this guide:

The following are documentation-specific updates in revision "19" of this guide:

The following are documentation-specific updates in revision "18" of this guide:

The following is a documentation-specific update in revision "17" of this guide:

The "Target systems" row of Table 1-2 has been updated to include support for Microsoft Active Directory 2016.

The following are documentation-specific updates in revision "16" of this guide:

  • The "Target systems" row of Table 1-2 has been updated.

  • Appendix A, "Special Characters Supported for Passwords" has been removed as all special characters that you can use in the Password field of Microsoft Active Directory are supported in Oracle Identity Manager.

  • The "Known Issues" chapter has been renamed to Known Issues and Workarounds and has been restructured.

  • "Issue with ASCII Characters in User Names" has been added to describe a known issue related to ASCII characters.

The following are documentation-specific updates in revision "15" of this guide:

  • An issue related to InstallShield has been added to Table 4-1.

  • "Determining the Release Number of the Connector" has been added.

  • The reference information in Appendix A, "Special Characters Supported for Passwords" has been modified.

  • The "Other software" row of Table 1-2 has been updated.

  • The "Oracle Identity Manager" row of Table 1-2 has been updated.

  • A "Note" regarding special characters that are not supported has been added to Appendix A, "Special Characters Supported for Passwords."

The following are documentation-specific updates in revision "14" of this guide:

  • The "Target systems and target system host platforms" row has been renamed to "Target systems" in Table 1-2.

  • The "Target systems" and "Other software" rows of Table 1-2 have been updated.

The following are documentation-specific updates in earlier revisions of this guide:

Documentation-Specific Updates in Release 9.1.1.4

The following are documentation-specific updates in release 9.1.1.4:

  • Section 2.1.1, "Verifying Deployment Requirements" has been updated.

  • An attribute has been added in Table 2-1.

  • Appendix B, "PrepAD.ldif" has been added to provide information about the PrepAD.ldif file.

Documentation-Specific Updates in Release 9.1.0.1

The following are documentation-specific updates in release 9.1.0.1:

  • In the Deploying the Connector chapter, the "Determining the Release Number of the Connector" section has been removed.

  • In the Known Issues and Workarounds chapter:

    • Bug 7155390 has been removed because the bug was resolved in release 9.1.0.1 of the connector.

    • A known issue has been added.

  • In the "Verifying Deployment Requirements" section, changes have been made in the "Target systems and target system host platforms" row.