This section explains the main components of the Identity Manager and Identity Synchronization for Windows deployment:
Active Directory domains
Separate Directory Server deployment
Any other Identity Manager-managed resource (which does not include the previous two) for example, Oracle RDBMS
The Identity Manager Administrator Interface handles resource administration, such as system-wide password changes and user creations. All password changes between Directory Servers and Active Directory domains are synchronized using Identity Synchronization for Windows. Password changes that occur within an Active Directory Domain are synchronized to Directory Server using Identity Synchronization for Windows, and synchronized to all other Identity Manager resources using pwsync, an Identity Manager Dynamic Link Library (DLL) installed on the Primary Domain Controllers of Windows systems. All password changes originating from the Identity Manager Administrator Interface are subsequently propagated to all Identity Manager resources, except the Sun Java System Directory Server. All user creations originating from the Identity Manager Administrator Interface are propagated to all resources, including Directory Servers. See also Configuring pwsync to Not Propagate Passwords to Directory Server.