Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide

Adding the shadowAccount Object Class

When configuring Identity Synchronization for Windows to interoperate with PAM LDAP on Solaris systems, select and then add the shadowAccount object class as an auxiliary object class for synchronization. When a new user is created in Active Directory, and that user is synchronized to Directory Server, the user entry includes the shadowAccount object class, which is required by PAM LDAP.

Figure 2–2 shadowAccount Object Class

shadowAccount Object Class