If you wish to synchronize users' passwords from Microsoft Active Directory (AD) to Oracle Identity Manager (OIM), you must install the Microsoft Active Directory Password Synchronization connector.
This post covers things you must know regarding Microsoft Active Directory Password Synchronization.
- For Connector basics : Resources, Reconciliation, and Provisioning click here
- For more information on type of connectors Java vs .NET (dot net) click here
- For OIM connectors for Microsoft (Active Directory, Exchange, and Windows) click here
- For OIM-OID connector architecture click here
- For OIM-Oracle eBusiness Suite connector click here
Things you must know for Microsoft Active Directory Password Synchronization connector
- The Microsoft Active Directory User Management (UM) connector is a prerequisite for the Microsoft Active Directory Password Synchronization connector. (You must first install the Microsoft Active Directory User Management connector.)
- The latest version of the Microsoft Active Directory User Management connector (as of Sep 2012) is 11.1.1.5, whereas the latest version of the Microsoft Active Directory Password Synchronization connector (as of Sep 2012) is 9.1.1.5.
- You can configure OIM 11g with Microsoft Active Directory User Management (MS-UM) 11.1.1.5 and Microsoft Active Directory Password Synchronization 9.1.1.5.
- The Microsoft Active Directory Password Synchronization connector must be installed on the Windows Active Directory Domain Controller machine.
- If the AD domain controller is running on multiple machines (for high availability/resilience), you must install the password synchronization connector on each domain controller machine.
- MS-AD Password Synchronization connector configuration is stored in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync
- For Active Directory related configuration: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync\ADConfig

- ADPersistentStore is the OU in Active Directory that stores data for users whose password can't be synced from AD to OIM for various reasons (OIM not available, user not available in OIM, etc.).
- Change the value of Log from N to Y if you wish to enable logging in password synchronization (by default logging is disabled).
- LogPath is the directory in which logs are written (to enable logging, set the value of the field Log to Y).
- For OIM related configuration: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync\OIMConfig

- OIMhost is the hostname where the OIM managed server is running (for high availability, use the load balancer name here).
- OIMPort is the port on which the OIM managed server is running (for high availability, use the port number on which the load balancer is configured).
- To disable the Password Synchronization connector, set the value of Disabled to 1 (0 means password synchronization is enabled).
- To enable logging for OIM related events, set the value of the parameter OIMLog to Y. You will see the file [TIME_STAMP]OIMMain.log
- AD communicates with the OIM server via an SPML Web Service (WS) SOAP request over HTTP(S), like http(s)://OIMHost:OIMPort/spmlws/OIMProvisioning for OIM on WebLogic Server. (Make sure to deploy the SPML-DSML application on the OIM Managed Server and that the application is in ACTIVE state.)
- In [TIME_STAMP]OIMMain.log you should see calls like:
Debug [2/20/2002 12:54:42 AM] The SOAP start element is
Debug [2/20/2002 12:54:42 AM] <processRequest xmlns=""><sOAPElement>
Debug [2/20/2002 12:54:42 AM] The SOAP end element is
Debug [2/20/2002 12:54:42 AM] </sOAPElement></processRequest>
Debug [2/20/2002 12:54:42 AM] The path is
Debug [2/20/2002 12:54:42 AM] /spmlws/OIMProvisioning
Debug [2/20/2002 4:54:53 PM] <env:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Header/><env:Body env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><m:processRequestResponse xmlns:m="http://xmlns.oracle.com/OIM/provisioning"><setPasswordResponse xmlns="urn:oasis:names:tc:SPML:2:0:password"</setPasswordResponse></m:processRequestResponse></env:Body></env:Envelope>
- For connector installer related configuration: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync\Install
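To check the settings listed above on a domain controller, the following PowerShell audit reads the oimpwdsync subkeys and reports on them. It is an added example, not part of the connector or the original post. It assumes the value names sit under ADConfig and OIMConfig in the order the post lists them (in particular that Disabled is under OIMConfig), and `Get-SyncValue` is a hypothetical helper name.

```powershell
# Added example: audit the oimpwdsync values named in this post on the local DC.
# Assumption: Log/LogPath/ADPersistentStore live under ADConfig and
# OIMhost/OIMPort/OIMLog/Disabled under OIMConfig; adjust if your install differs.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync'

function Get-SyncValue {
    param([string]$SubKey, [string]$Name)
    $path = Join-Path $base $SubKey
    if (-not (Test-Path $path)) { return $null }
    # A missing value yields $null because the error is suppressed
    (Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue).$Name
}

if (-not (Test-Path $base)) {
    Write-Warning "oimpwdsync key not found: connector is not installed on $env:COMPUTERNAME"
    return
}

$cfg = [ordered]@{
    ADPersistentStore = Get-SyncValue 'ADConfig'  'ADPersistentStore'
    Log               = Get-SyncValue 'ADConfig'  'Log'
    LogPath           = Get-SyncValue 'ADConfig'  'LogPath'
    OIMhost           = Get-SyncValue 'OIMConfig' 'OIMhost'
    OIMPort           = Get-SyncValue 'OIMConfig' 'OIMPort'
    OIMLog            = Get-SyncValue 'OIMConfig' 'OIMLog'
    Disabled          = Get-SyncValue 'OIMConfig' 'Disabled'
}
[pscustomobject]$cfg | Format-List

$findings = @()
if ("$($cfg.Disabled)" -eq '1') { $findings += 'Disabled=1: password changes on this DC are not sent to OIM' }
if ($cfg.Log -eq 'Y' -or $cfg.OIMLog -eq 'Y') {
    $findings += "Logging is on (Log=$($cfg.Log), OIMLog=$($cfg.OIMLog)): review who can read $($cfg.LogPath)"
}
foreach ($name in 'ADPersistentStore', 'OIMhost', 'OIMPort') {
    if ([string]::IsNullOrWhiteSpace("$($cfg[$name])")) { $findings += "$name is not set" }
}
# TCP reachability of the OIM host/port (the load balancer in HA setups)
if ($cfg.OIMhost -and $cfg.OIMPort) {
    $ok = Test-NetConnection -ComputerName $cfg.OIMhost -Port ([int]$cfg.OIMPort) -InformationLevel Quiet
    if (-not $ok) { $findings += "Cannot reach $($cfg.OIMhost):$($cfg.OIMPort) from $env:COMPUTERNAME" }
}
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'No findings.' }
```

Because the connector is installed per domain controller, run this on each one and compare the output; a DC where the key is missing or Disabled is 1 will not forward password changes.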
More on Microsoft Active Directory (AD) to Oracle Identity Manager (OIM) Password Synchronization: Things you must know in Part II.