When you install Identity Synchronization for Windows, you install the Core component first, then configure it to match your environment.
The Core component consists of the following components:
Identity Synchronization for Windows stores its configuration data in a Directory Server configuration directory. The program does not install a configuration directory.
The Console, system manager, command-line utilities, and the installer all read and write the product’s configuration data to and from the configuration directory, including the following:
Installation information about each component’s health
Configuration information for every directory, domain, connector, and Directory Server Plug-in
Connector status
Synchronization settings that describe the direction of user or group creations, deletions, and attribute modifications
Attributes to be synchronized and attribute mappings between Active Directory and Directory Server or Windows NT and Directory Server
Synchronization User Lists (SULs) in each directory topology
Log settings
Identity Synchronization for Windows provides a Console that centralizes all of the product’s component configuration and administration tasks.
You can use the Console to do the following:
Configure directory sources to be synchronized
Define mappings for user entry attributes to be synchronized, in addition to passwords
Specify which users and attributes within a directory or domain topology will or will not be synchronized
Monitor system status
Start and stop synchronization
Identity Synchronization for Windows also provides command-line utilities that enable you to perform the following tasks directly from the command line:
Display certificate information based on your configuration and Secure Sockets Layer (SSL) settings
Change the Identity Synchronization for Windows configuration password
Configure the Directory Server Plug-in for a specified Directory Server source
Prepare a Sun Java System Directory Server source for use by Identity Synchronization for Windows
Display the steps that you must perform to complete the installation or configuration process, and view the status of installed connectors, the system manager, and Message Queue
Reset connector states in the configuration directory to uninstalled
Synchronize and link existing users in two directories, and pre-populate directories as part of the installation process
Enable or disable account lockout
Enable or disable group synchronization
Start and stop synchronization
For a detailed description of the product’s command-line utilities and how to use them, see Appendix A, Using the Identity Synchronization for Windows Command Line Utilities.
The Identity Synchronization for Windows system manager is a separate Java process that does the following:
Leverages the product’s back-end networked facilities to dynamically deliver configuration updates to connectors
Keeps the status of each connector and all connector subcomponents
Coordinates idsync resync operations that are used to initially synchronize two directories
Connectors can be installed across widely distributed, remote geographical locations, so centralizing all logging information is of great administrative value. This centralization allows the administrator to monitor synchronization activity, detect errors, and evaluate the health of the entire system from a single location.
Administrators can use the central logger logs to perform these tasks:
Verify that the system is running correctly
Detect and resolve individual component and system-wide problems
Audit individual and system-wide synchronization activity
Track a user’s password synchronization between directory sources
The two types of logs are as follows:
Audit log. Provides information about the system’s day-to-day activities, which includes events such as a user’s password being synchronized between directories. You can control the level of information that is logged in the audit log by increasing or decreasing the detail provided in the log messages.
Error log. Provides information about conditions that qualify as severe errors and warnings. Every error log entry is worthy of attention, so you cannot prevent errors from being logged. If an error condition occurs, it is always recorded in the error log.
Identity Synchronization for Windows also writes all error log messages to the audit log to facilitate correlation with other events.