When you install Identity Synchronization for Windows, you install the Core component first, and then you configure it to match your environment.
The Core component consists of the following components, each of which is a separate Java process. A description of each component begins on the referenced page:
Identity Synchronization for Windows stores its configuration data in a Directory Server configuration directory (the program does not install a configuration directory).
The console, system manager, command line utility, and the installer all read and write the product’s configuration data to and from the configuration directory, including:
Installation information about each component’s health
Configuration information for every directory, domain, connector, and Directory Server Plug-in
Connector status
Synchronization settings that describe the direction of user or group creations, deletions, and attribute modifications
Attributes to be synchronized and attribute mappings between the two directory environments (Active Directory and Directory Server, or Windows NT and Directory Server)
Synchronization User Lists in each directory topology
Log settings
Identity Synchronization for Windows provides a console that centralizes all of the product’s component configuration and administration tasks.
You can use the console to do the following:
Configure directory sources to be synchronized
Define mappings for user entry attributes to be synchronized, in addition to passwords
Specify which users and attributes within a directory or domain topology will be (or will not be) synchronized
Monitor system status
Start and stop synchronization
Identity Synchronization for Windows also provides command line utilities that enable you to perform the following tasks directly from the command line:
Display certificate information based on your configuration and SSL settings
Change the Identity Synchronization for Windows configuration password
Configure the Directory Server plug-in for a specified Directory Server source
Prepare a Sun Java System Directory Server source for use by Identity Synchronization for Windows
Display the steps you must perform to complete the installation or configuration process and view the status of installed connectors, the system manager, and Message Queue
Reset connector states in the configuration directory to uninstalled
Synchronize and link existing users in two directories, and pre-populate directories as part of the installation process
Enable or disable account lockout
Enable or disable group synchronization
Start and stop synchronization
For a detailed description of the product’s command line utilities and how to use them, see Appendix A, Using the Identity Synchronization for Windows Command Line Utilities.
The Identity Synchronization for Windows system manager is a separate Java process that:
Leverages the product’s back-end networked facilities to dynamically deliver configuration updates to connectors
Keeps status of each connector and all connector subcomponents
Coordinates idsync resync operations that are used to initially synchronize two directories
Connectors may be installed so that they are widely distributed across remote geographical locations. It is therefore of great administrative value to have all logging information centralized: the administrator can monitor synchronization activity, detect errors, and evaluate the health of the entire system from a single location.
Administrators can use the central logger logs to:
Verify that the system is running correctly
Detect and resolve individual component and system-wide problems
Audit individual and system-wide synchronization activity
Track a user’s password synchronization between directory environments
There are two different types of logs:
The audit log provides information about the system’s day-to-day activities, which includes important events such as a user’s password being synchronized between directories. You can control the level of information that is logged in the audit log by increasing or decreasing the detail provided in the log messages.
Identity Synchronization for Windows also writes all of the error log messages to the audit log to facilitate easy correlation with other events.
The error log provides information about conditions qualified as severe errors and warnings. All error log entries are worthy of attention, so you cannot prevent errors from being logged. If an error condition takes place, it will always be documented in the error log.