Identity Synchronization for Windows provides the following features and functionality:
Bidirectional password synchronization: Enables you to synchronize user passwords between the following directory sources:
Sun Java System Directory Server and Windows Active Directory
Sun Java System Directory Server and Windows NT
Synchronizing passwords allows users to access applications using these directory sources for login authentication so they only have to remember a single password. In addition, when users have to apply periodic password updates, they only have to update their password in one environment.
Bidirectional user attributes synchronization : Enables you to create, modify, and delete selected attributes in one directory environment and propagate the values automatically to the other directory environment.
Bidirectional user account creation synchronization : Enables you to create or delete a user account in one directory environment and automatically propagate the new account to the other directory environment.
Bidirectional group synchronization: Enables you to create or delete a group, and associate or disassociate users with that group in a directory environment. The changes you make in one directory environment automatically propagate to the other directory environment.
Bidirectional object deletions, activations, and inactivations: Enables you to control the flow of object deletions and object activations and inactivations between Directory Server and Active Directory sources.
Bidirectional account lockout and unlockout synchronization: Enables you to synchronize the account lockout and unlockout between the Directory Server and Active Directory sources.
Synchronization with multiple domains: Enables you to synchronize with multiple Active Directory and Windows NT domains, and with multiple Active Directory forests.
Centralized system auditing: Enables you to monitor installation and configuration status, the day-to-day system operations, and any error conditions related to your deployment from a single, centralized location.
You will not be required to modify entries in Windows directories, or to change the applications using the directories.
If you are using Identity Synchronization for Windows to synchronize between Directory Server and Active Directory, you need not install any components in the Windows operating environment.
If you are synchronizing between Directory Server and Windows NT, you must install the product’s NT component in the Windows NT environment.
The following features are not available for Windows NT:
Bidirectional group synchronization
Bidirectional object deletions, activations, and inactivations
Bidirectional account lockout and unlockout synchronization