1.3 Key Driver Features

The sections below list the key driver features.

1.3.1 Local Platforms

A local installation is an installation of the driver on the Metadirectory server. The Active Directory driver can be installed on the Windows operating systems supported for the Metadirectory server. The supported operating system versions are Windows Server 2003 SP2 (32-bit), Windows 2008 SP2 or later (32-bit and 64-bit), Windows 2008 Server Core (32-bit and 64-bit), and Windows 2008 R2.

For more information about local installations, see Section 2.2, Where to Install the Active Directory Driver.

For additional information about system requirements, see Metadirectory Server in the Identity Manager 3.6.1 Installation Guide.

1.3.2 Remote Platforms

The Active Directory driver can use the Remote Loader service to run on a Windows server other than the Metadirectory server. The Remote Loader service for the Active Directory driver can be installed on Windows Server 2003 SP2 (32-bit), Windows 2008 SP2 or later (32-bit and 64-bit), and Windows 2008 Server Core (32-bit and 64-bit).

For more information about remote installations, see Section 2.2, Where to Install the Active Directory Driver.

For additional information about system requirements, see Remote Loader in the Identity Manager 3.6.1 Installation Guide.

1.3.3 Entitlements

The Active Directory driver implements entitlements.

Entitlements make it easier to integrate Identity Manager with the Identity Manager User Application and Role-Based Services in eDirectory. In the User Application, an action such as provisioning an account in Active Directory is delayed until the proper approvals have been made. In Role-Based Services, rights assignments are made based on attributes of a user object and not by regular group membership. Both of these services pose a challenge to Identity Manager because it is not obvious from the attributes of an object whether an approval has been granted or the user matches a role.

Entitlements standardize a method of recording this information on objects in the Identity Vault. From the driver perspective, an entitlement grants or revokes the right to something in Active Directory. You can use entitlements to grant the right to an account in Active Directory, to control group membership, and to provision Exchange mailboxes. The driver is unaware of the User Application or Role-Based Entitlements. It depends on the User Application server or the Entitlements driver to grant or revoke the entitlement for a user based upon its own rules.

You should enable entitlements for the driver only if you plan to use the User Application or Role-Based Entitlements with the driver. For more information about entitlements, see the Identity Manager 3.6.1 Entitlements Guide.

1.3.4 Password Synchronization Support

The Active Directory driver synchronizes passwords on both the Subscriber channel and the Publisher channel. For more information, see Section 6.0, Synchronizing Passwords.

1.3.5 Data Synchronization Support

The Active Directory driver synchronizes User objects, Group objects, containers, and Exchange mailboxes.