Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Installation Overview

This section illustrates a single-host installation procedure for Identity Synchronization for Windows.

Figure 2–1 Single-host installation procedure

single-host installation procedure

Some components must be installed in a particular order, so be sure to read all installation instructions carefully.

Identity Synchronization for Windows provides a “To Do” list, which is displayed throughout the installation and configuration process. This information panel lists all of the steps that you must follow to successfully install and configure the product.

Figure 2–2 To Do List for Identity Synchronization for Windows Installation and Configuration

This panel lists the remaining installation/configuration
steps you must perform.

As you go through the installation and configuration process, all completed steps in the list are grayed-out as shown in Figure 6–2.

The rest of this section provides an overview of the installation and configuration process.

Installing Core

When you install Core, you will be installing the following components:

Configuring the Product

After installing Core, use Console to initially configure the directory sources to be synchronized and other characteristics of the deployment, all from a centralized location.

Instructions for configuring directory resources are provided in Chapter 4, Configuring Core Resources.

Preparing the Directory Server

Before you can install Directory Server Connectors, you must prepare a Sun Java System Directory Server source for every preferred and secondary Directory Server that is being synchronized.

You can perform this task from the Console, or from the command line by using the idsync prepds subcommand.

Instructions for preparing Directory Server are provided in Preparing Sun Directory Source.

Installing Connectors and Configuring Directory Server Plug-In

You can install any number of connectors depending on the number of configured directories in your topology. Both the Console and the installation program use the directory label to associate a connector with the directory that is synchronized. The following table describes the label naming conventions.

Table 2–1 Label Naming Conventions

Connector Type 

Directory Source Label 


Directory Server Connector 

root suffix or suffix/database

Directory Server Plug-in 

Configure one Plug-in in every Directory Server (master or consumer) for the root suffix being synchronized. 

AD Connector 

Domain name 


NT Connector 

Domain name 

(Automatically installed with the Windows NT Connector) Change Detector and Password Filter DLL subcomponents are installed together in the same installation.

You must install the Windows NT Connector using the graphical user interface (GUI) installer. 

Table 2–2 Label Naming Examples

Connector Name 

Directory Source 


SunDS1 on ou=isw_data1




SunDS1 on ou-isw_data2



Instructions for installing and configuring Connectors are provided in Chapter 3, Installing Core

Synchronizing Existing Users

After installing the connectors, plug-ins, and subcomponents, you must run the idsync resync command-line utility to bootstrap deployments with existing users. This command uses administrator-specified matching rules to do the following:

Instructions for synchronizing existing users in your deployment are provided in Chapter 6, Synchronizing Existing Users and User Groups.