Identity Synchronization for Windows provides bidirectional password and user attribute synchronization between Directory Server and the Windows Active Directory or NT SAM registry. This chapter describes the key features of Identity Synchronization for Windows and covers the following topics:
Identity Synchronization for Windows synchronizes account creation, modification, inactivation, and deletion between Active Directory and Directory Server, or Windows NT and Directory Server. Using Identity Synchronization for Windows, you can create, modify, and delete selected attributes or user accounts in one directory environment and propagate the changes automatically to the other directory environment.
Identity Synchronization for Windows enables you to control the flow of object deletions and object activations and inactivations between Directory Server and Windows.
You can use Identity Synchronization for Windows to synchronize data with multiple Active Directory and Windows NT domains and with multiple Active Directory forests. The centralized system auditing makes it possible for you to monitor installation and configuration status, day-to-day system operations, and any error conditions related to your deployment from a single, centralized location.
Identity Synchronization for Windows supports synchronization of user groups between Directory Server and Active Directory. You can map a group on Directory Server to either Domain Global Distribution or Domain Global Security on Active Directory.
For more information about group synchronization, see Configure Identity Synchronization for Windows to Detect and Synchronize Groups Related Changes between Directory Server and Active Directory in Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide.
Identity Synchronization for Windows supports synchronizing users in a single replicated suffix.
The installer might not find an existing Administration Server for the selected directory source on the local host. However, Identity Synchronization for Windows ships with Administration Server. When the installer does not find a local Administration Server, the installer adds the Administration Server at the specified Server Root location.
To read more about the features presented in this chapter, refer to the following documentation.
| Feature | Documentation |
|---|---|
| Deploying Identity Synchronization for Windows | Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide |
| Using the Identity Synchronization for Windows command-line utilities | |
| Sample XML configuration documents | |
| Configuring multiple Windows domains and using Synchronization User Lists (SULs) | |
| Synchronizing users in a single replicated suffix | |
| Group synchronization | |