JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide
search filter icon
search icon

Document Information


Part I Installing Identity Synchronization for Windows

1.  Understanding the Product

2.  Preparing for Installation

Installation Overview

Installing Core

Configuring the Product

Preparing the Directory Server

Installing Connectors and Configuring Directory Server Plug-In

Synchronizing Existing Users

Configuration Overview


Synchronization Settings

Object Classes

Attributes and Attribute Mapping

Attribute Types

Parameterized Attribute Default Values

Mapping Attributes

Synchronization User Lists

Synchronizing Passwords With Active Directory

Enforcing Password Policies

Directory Server Password Policies

Active Directory Password Policies

Creating Accounts Without Passwords

Example Password Policies

Error Messages

Configuring Windows for SSL Operation

Installation and Configuration Decisions

Core Installation

Core Configuration

Connector Installation and Configuring the Directory Server Plug-In

Using the Command-Line Utilities

Installation Checklists

3.  Installing Core

4.  Configuring Core Resources

5.  Installing Connectors

6.  Synchronizing Existing Users and User Groups

7.  Removing the Software

8.  Configuring Security

9.  Understanding Audit and Error Files

Part II Identity Synchronization for Windows Appendixes

A.  Using the Identity Synchronization for Windows Command Line Utilities

B.  Identity Synchronization for Windows LinkUsers XML Document Sample

C.  Running Identity Synchronization for Windows Services as Non-Root on Solaris

D.  Defining and Configuring Synchronization User Lists for Identity Synchronization for Windows

E.  Identity Synchronization for Windows Installation Notes for Replicated Environments


Installation Overview

This section illustrates a single-host installation procedure for Identity Synchronization for Windows.

Figure 2-1 Single-host installation procedure

image:single-host installation procedure

Some components must be installed in a particular order, so be sure to read all installation instructions carefully.

Identity Synchronization for Windows provides a “To Do” list, which is displayed throughout the installation and configuration process. This information panel lists all of the steps that you must follow to successfully install and configure the product.

Figure 2-2 To Do List for Identity Synchronization for Windows Installation and Configuration

image:This panel lists the remaining installation/configuration steps you must perform.

As you go through the installation and configuration process, all completed steps in the list are grayed-out as shown in Figure 6–2.

The rest of this section provides an overview of the installation and configuration process.

Installing Core

When you install Core, you will be installing the following components:

Configuring the Product

After installing Core, use Console to initially configure the directory sources to be synchronized and other characteristics of the deployment, all from a centralized location.

Instructions for configuring directory resources are provided in Chapter 4, Configuring Core Resources.

Preparing the Directory Server

Before you can install Directory Server Connectors, you must prepare a Sun Java System Directory Server source for every preferred and secondary Directory Server that is being synchronized.

You can perform this task from the Console, or from the command line by using the idsync prepds subcommand.

Instructions for preparing Directory Server are provided in Preparing Sun Directory Source.

Installing Connectors and Configuring Directory Server Plug-In

You can install any number of connectors depending on the number of configured directories in your topology. Both the Console and the installation program use the directory label to associate a connector with the directory that is synchronized. The following table describes the label naming conventions.

Table 2-1 Label Naming Conventions

Connector Type
Directory Source Label
Directory Server Connector
root suffix or suffix/database
Directory Server Plug-in

Configure one Plug-in in every Directory Server (master or consumer) for the root suffix being synchronized.

AD Connector
Domain name
NT Connector
Domain name
(Automatically installed with the Windows NT Connector) Change Detector and Password Filter DLL subcomponents are installed together in the same installation.

You must install the Windows NT Connector using the graphical user interface (GUI) installer.

Table 2-2 Label Naming Examples

Connector Name
Directory Source
SunDS1 on ou=isw_data1
SunDS1 on ou-isw_data2

Instructions for installing and configuring Connectors are provided in Chapter 3, Installing Core

Synchronizing Existing Users

After installing the connectors, plug-ins, and subcomponents, you must run the idsync resync command-line utility to bootstrap deployments with existing users. This command uses administrator-specified matching rules to do the following:

Instructions for synchronizing existing users in your deployment are provided in Chapter 6, Synchronizing Existing Users and User Groups.