
Quick Setup for eDirectory and AD Synch with IDM

Novell Cool Solutions: Feature
By Aaron Burgemeister


Posted: 20 Jun 2007
 

Problem

A Forum reader recently asked:

"I'm new to IDM and I'm looking for a quick setup to sync up a Netware 6.5 eDirectory tree with a Windows 2003 AD forest. Can anyone point me in the right direction, without having to read through the entire documentation?"

And here's the response from Aaron Burgemeister ...

Solution

The AD driver is a quick setup by definition. This should all be done in your test environment first. Here are the basics:

1. Install IDM on a NetWare box.

Don't bother installing any of the driver shims, just the engine (you can deselect the shims). If you get confused, just click OK over and over until you're done. If iManager is on this box, restart tomcat ("tc4stop ; tomcat4") for the IDM plugins to work.

2. Install Remote Loader (RL) on the Windows 2003 Domain Controller.

Make sure you have the Remote Loader/Connected System component as well as the Active Directory driver - other drivers are not necessary. Again, if confused, click OK over and over until done.

3. Go into iManager > Identity Manager > Identity Manager Overview > Search.

4. You'll be prompted to create a DriverSet. Name it something simple ("DrvrSet0") and click Next.

The next screen asks you to import a driver and AD is at the top of the list.

5. Click Next.

6. Fill in a bunch of values from each system. Use the documentation if anything is unclear, but it should be clear. Be sure you choose bidirectional synchronization, and use Password Synchronization 2.

7. Go ahead and do group synchronization if you want to.

8. Say 'No' to entitlements and Exchange stuff (unless you really want it, and then you're no longer looking for simple).

9. Click Accept.

10. Choose "Follow Identity Manager Name".

11. On the last screen, assign the driver rights equivalent to Admin and exclude Admin from being synchronized ('Excluded Users').

12. Start your driver when you get back to the DriverSet overview.

13. Set up the Remote Loader instance (the documentation makes this really simple) for your driver. These are mostly defaults, plus the RL and Driver passwords.

14. Click OK, and set it to run as a service when you are prompted.

15. Install the password synchronization filters (see section 7.5.1 of the AD driver documentation).

16. Restart the Domain Controller(s).

You're done.

The documentation will answer most questions. The nitty gritty may need some clarification, but for the most part the AD driver is by far the easiest to set up and, aside from waiting for things to install by laying down bunches of files, it can be set up in 5 minutes (tops), if you know what you're doing.

