This section explains how to configure the following directory sources:
When configuring the Directory Server source, the preferred Directory Server is set to master-east.eb.com. The Directory Server Connector uses this Directory Server to detect and update changes that require synchronization with Active Directory and Windows NT. Alternatively, the master-west.eb.com domain could have been selected. However, Directory Server Connector performance is better when connecting to a local Directory Server instead of a Directory Server located over a wide area network (WAN).
When the password modification settings are changed, the Console automatically enables the SSL option, which is required while synchronizing from Directory Server to Active Directory.
In the Directory Sources window of the Identity Synchronization for Windows Console (Console), click New Sun Directory.
In the Define Sun Java System Directory Source dialog box, select Specify a Preferred Server.
Select Choose a Known Server and then choose a preferred Directory Server from the drop-down menu, in this case, master-east.eb.com.
(Optional) Select Specify Secondary Servers to select a secondary Directory Server, in this case, master-west.eb.com.
If master-east.eb.com is unavailable, the Directory Server Connector synchronizes changes made at Active Directory to master-west.eb.com.
The Active Directory global catalog information enables the Identity Synchronization for Windows Console to learn the Active Directory configuration. In this case study, the global catalog is running on ad-west.eb.com. By default, the Console auto-populates the User DN field with the Administrator DN, cn=Administrator,cn=user,dc=eb,dc=com. However, you need to change this field to the special Identity Synchronization for Windows user that was created earlier, cn=iswUser,cn=Users,dc=eb,dc=com.
In the Console, in the Directory Sources window, click New Active Directory Source.
Type the fully qualified name in the Host field, in this example, ad-west.eb.com.
Change the default User DN (cn=Administrator) to the DN cn=iswUser,cn=Users,dc=eb,dc=com.
Provide credentials for the Active Directory domain, then click Next.
The Active Directory Connector uses the same Identity Synchronization for Windows special user credentials to connect to Active Directory that you provided when connecting to the global catalog.
Specify the PDC FSMO role owner domain controller.
The ad-west.eb.com domain controller is the PDC FSMO role owner. Certain changes (for example, password modifications) made at other domain controllers are replicated immediately to this domain controller. The Active Directory Connector communicates with this domain controller so that changes made at any Active Directory domain controller can be synchronized immediately to Directory Server. Ordinary Active Directory replication between domain controllers can take several minutes.
The Active Directory Connector for this domain is installed on the same machine where Identity Synchronization for Windows Core is installed, on master-east.eb.com. The connector communicates over the WAN with ad-west.eb.com. The Active Directory Connector performs better across a WAN than the Directory Server Connector because it performs fewer directory searches to detect changes.
Specify one or more failover domain controllers for on-demand password synchronization, in this case, ad-east.eb.com.
If ad-west.eb.com is unavailable, the Directory Server plug-in performs on-demand password synchronization against ad-east.eb.com.
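A pre-flight consistency check for the values entered in the Active Directory source steps above, as an added example that is not part of the original guide or of Identity Synchronization for Windows. It assumes the PDC emulator role owner has already been read from the fSMORoleOwner attribute of the domain object (dc=eb,dc=com); the dictionary keys, function names and the sample fSMORoleOwner value are constructed for illustration.

```python
# Added example; dict keys and function names are hypothetical, not an ISW format or API.

def split_dn(dn):
    """Split a DN into (attribute, value) pairs; handles backslash-escaped commas only."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur, esc = cur + ch, False
        elif ch == "\\":
            esc = True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    return [tuple(s.strip() for s in p.split("=", 1)) for p in parts]

def fsmo_owner(fsmo_role_owner):
    """Server CN from an fSMORoleOwner value (CN=NTDS Settings,CN=<server>,...)."""
    rdns = split_dn(fsmo_role_owner)
    if len(rdns) < 2 or rdns[0][1].lower() != "ntds settings":
        raise ValueError("not an NTDS Settings DN")
    return rdns[1][1].lower()

def check_ad_source(cfg, fsmo_role_owner):
    """Return a list of findings; an empty list means the settings are consistent."""
    findings = []
    rdns = split_dn(cfg["user_dn"])
    domain = ".".join(v for a, v in rdns if a.lower() == "dc").lower()
    if rdns[0][1].lower() == "administrator":
        findings.append("user_dn is the default Administrator, not the sync user")
    for h in [cfg["pdc_host"]] + cfg["failover_hosts"]:
        if not h.lower().endswith("." + domain):
            findings.append(f"{h} is not in domain {domain}")
    if cfg["pdc_host"].lower().split(".")[0] != fsmo_owner(fsmo_role_owner):
        findings.append("pdc_host is not the PDC FSMO role owner")
    if not cfg["failover_hosts"] or cfg["pdc_host"] in cfg["failover_hosts"]:
        findings.append("need at least one failover DC distinct from pdc_host")
    return findings

# Constructed sample: the case study's values plus a constructed fSMORoleOwner.
CASE_STUDY = {"user_dn": "cn=iswUser,cn=Users,dc=eb,dc=com",
              "pdc_host": "ad-west.eb.com", "failover_hosts": ["ad-east.eb.com"]}
SAMPLE_FSMO = ("CN=NTDS Settings,CN=AD-WEST,CN=Servers,"
               "CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=eb,DC=com")

if __name__ == "__main__":
    print(check_ad_source(CASE_STUDY, SAMPLE_FSMO) or "settings are consistent")
```

An empty result means the User DN, the PDC FSMO role owner host and the failover list agree with each other; each finding names the field to recheck in the Console.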
After the Directory Server and the Active Directory sources are configured, configure the Windows NT domain.
In the Console, in the Directory Sources window, click New Windows NT Directory Source.
The Define a Windows NT Directory Source dialog box is displayed.
Select Specify the Windows NT Domain, type the Windows NT domain, in this case, EXBANK, and click Next.
Type the Primary Domain Controller of the EXBANK domain.
The NetBIOS name of the Primary Domain Controller is pdc-east. The fully qualified name of this host is pdc-east.eb.com.