Product Features

Sun Java System Identity Synchronization for Windows provides the following features and functionality:

• Bidirectional password synchronization. Enables you to synchronize user passwords between the following directory sources:

  • Sun Java System Directory Server and Windows Active Directory

  • Sun Java System Directory Server and Windows NT

  Synchronizing passwords allows users to access applications using these directory sources for login authentication, so users only have to remember a single password. In addition, when users have to apply periodic password updates, they only have to update their password in one location.

• Bidirectional user attributes synchronization. Enables you to create, modify, and delete selected attributes in one directory environment and propagate the values automatically to the other directory environment.

• Bidirectional user account creation synchronization. Enables you to create or delete a user account in one directory environment and automatically propagate the new account to the other directory environment.

• Bidirectional group synchronization. Enables you to synchronize the creation or deletion of a group, and association or disassociation of users with that group between Directory Server and Active Directory sources.

• Bidirectional object deletions, activations, and inactivations. Enable you to control the flow of object deletions, activations, and inactivations between Directory Server and Active Directory sources.

• Bidirectional account lockout and unlockout synchronization. Enables you to synchronize account lockout and unlockout between Directory Server and Active Directory sources.

• Synchronization with multiple domains. Enables you to synchronize with multiple Active Directory and Windows NT domains, and with multiple Active Directory forests.

• Centralized system auditing. Enables you to monitor from a single-centralized location, installation and configuration status, the day-to-day system operations, and any error conditions related to your deployment.

  You are not required to modify entries in Windows directories or to change the applications using the directories.

  If you are using Identity Synchronization for Windows to synchronize between Directory Server and Active Directory, you do not need to install any components in the Windows operating system.

  If you are synchronizing between Directory Server and Windows NT, you must install the product’s NT component in the Windows NT operating system.

The following features are not available for Windows NT:

• Bidirectional group synchronization

• Bidirectional object deletions, activations, and inactivations

• Bidirectional account lockout and unlockout synchronization