This section provides installation and configuration summaries and details the choices you make when deploying Identity Synchronization for Windows. Read all of the information in this section, and complete the installation checklists before you begin the installation process.
You must provide the following information when you install Core:
Configuration directory host and port. Specify the configuration directory host and port for the Directory Server instance on which Identity Synchronization for Windows configuration information will be stored.
You can specify an SSL port as the configuration directory port. If you do, you must identify the port as an SSL port during the installation process.
Root suffix. Specify the root suffix for the configuration directory. All configuration information is stored under this suffix.
Administrator’s name and password. Specify credentials for accessing the configuration Directory Server.
Configuration password. Specify a secure password to protect sensitive configuration information.
File system directory. Specify the location in which to install Identity Synchronization for Windows. You must install Core in the same directory as a Directory Server Administration Server.
Unused port number. Specify an available port number for the Message Queue instance.
Administration Server. Specify the Administration Server administrator's user name and password if the Administration Server already exists on Directory Server.
You must provide the following information when you configure Core:
Sun Java System Directory schema. Specify the Directory Server data that you want to load from the configuration directory.
User object class (for Directory Server only). Specify the user object class that will be used to determine user types. Identity Synchronization for Windows derives a list of attributes (including password attributes) based on this object class. This list is populated from the schema.
Synchronized attributes. Specify user entry attributes to be synchronized between the Directory Server and Windows directory sources.
Modifications, creations, and deletions flow. Specify how you want modifications, creations, and deletions to be propagated between Directory Server and Windows directory sources.
From Active Directory/Windows NT to Directory Server
Bidirectionally
Specify whether to synchronize object activations and inactivations if they are propagated between Directory Server and Windows directory sources, and specify a method for synchronizing these objects.
Global catalogs. Specify global catalogs (repositories for Active Directory topological and schema information).
Active Directory schema controller. Specify the fully qualified domain name (FQDN) of the Active Directory schema source to be retrieved from the Windows global catalog.
Configuration Directory. Specify the Directory Server that stores the Identity Synchronization for Windows configuration.
Active Directory source. Specify the sources used to synchronize Active Directory domains.
Windows NT Primary Domain Controller. Specify the Windows NT domains to be synchronized and the name of the Primary Domain Controller for each domain.
Synchronization User Lists. Use LDAP DIT and filter information to specify the users to be synchronized on Directory Server, Active Directory, and Windows NT.
Sun Java System Directory Servers. Specify Directory Server instances that store users to be synchronized.
You must provide the following information when you install the connectors and the Directory Server Plug-in:
Configuration directory host and port. Specify the configuration directory host and port for the Directory Server instance on which Identity Synchronization for Windows configuration information will be stored.
Root suffix. Specify the root suffix for the configuration directory. Use the root suffix specified during Core installation.
Administrator’s name and password. Specify credentials for accessing the configuration Directory Server.
Configuration password. Specify a secure password to protect sensitive configuration information.
File system directory. Specify the location in which to install Identity Synchronization for Windows. All components installed on the same machine must have the same installation path.
Directory sources. Specify the directory source for which you want to install the connector or plug-in.
When you are installing Directory Server and Windows NT Connectors, you must specify an unused port.
When you are installing the Directory Server Connector and Plug-in, you must specify the host, port, and credentials for the Directory Server that corresponds to that Connector and Plug-in.
Identity Synchronization for Windows enables you to perform a variety of tasks from the command line using the idsync script with the following subcommands:
certinfo — Displays certificate information based on your configuration and SSL settings.
changepw — Changes the Identity Synchronization for Windows configuration password.
prepds — Prepares a Sun Java System Directory Server source for use by Identity Synchronization for Windows.
printstat — Prints the status of installed connectors, the system manager, and Message Queue.
You can also use the printstat command to display a list of the remaining installation and configuration steps you have to perform to complete the installation process.
resetconn — Resets connector states in the configuration directory to uninstalled. Use this subcommand only in cases of hardware or uninstaller failure.
resync — Resynchronizes and links existing users, and pre-populates directories as part of the installation process.
dspluginconfig — Configures or unconfigures the Directory Server Plug-in.
groupsync — Enables or disables group synchronization.
accountlockout — Enables or disables the account lockout feature.
stopsync — Stops synchronization.
See Appendix A, Using the Identity Synchronization for Windows Command Line Utilities for detailed information about these utilities.