
Oracle Fusion Middleware : Oracle Identity and Access Management Suite 10g/11gR1/11gR2PS1,PS2,PS3 : OIM | OAM, OAAM, OIF | OID, OVD, DIP | OUD/ODSEE | Microsoft AD | OpenLDAP | ADF | EBS R12 | OECMCCR4 | Business Intelligence - BI Publisher | Banking | Demo Applications | Core Java | SQL | PLSQL | Web services | Weblogic | Tomcat | JBoss | OHS | WebGate | WebCenter | For any queries, please contact me : info@oratechsoft.com


Thursday 16 July 2015

MS Active Directory Password Synchronization with Oracle Identity Manager

Step 1 : Install Windows Server 2008 R2

  a. Set a static IP address
  b. Disable Firewall
  c. Create a domain (dcpromo), e.g. activedirectory.com

Step 2 : Install the Connector Server on the Windows Server

Step 3 : Install the Active Directory User Management Connector in OIM and configure the IT Resources

Step 4 : Install the Active Directory Password Sync Connector on the Windows Server

Step 5 : Open the Run command, type "regedit", and search for "ADConfig" or go to the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync\ADConfig


  1. ADPersistentStore is the OU in Active Directory that stores data for users whose password can't be synced from AD to OIM for various reasons.
  2. Change the value of Log from N to Y if you wish to enable logging for password synchronization.
  3. LogPath is the directory in which logs are stored (to enable logging, set the value of Log to Y).

Step 6 : Open the Run command, type "regedit", and search for "OIMConfig" or go to the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync\OIMConfig



  1. OIMhost is the hostname where the OIM managed server is running (Ex : oim.luckyfusion.com)
  2. OIMPort is the port on which the OIM managed server is running (Ex : 14000)
  3. To disable the Password Synchronization connector, set the value of Disabled to 1
  4. AD communicates with the OIM server through an SPML Web Service (WS) SOAP request over HTTP(S), like http(s)://oim.luckyfusion:14000/spmlws/OIMProvisioning for OIM on WebLogic Server. (Make sure the SPML-DSML application is deployed on the OIM managed server and is in the ACTIVE state.)


SPML-DSML Deployment Steps :


Before you deploy the connector, deploy the SPML-DSML Service on the Oracle WebLogic Application Server on which Oracle Identity Manager is running:
  1. Log in to the Oracle WebLogic Server Administration Console.
  2. In the Change Center region, click Lock & Edit to enable modification to the settings on the page.
  3. In the Domain Structure region, click Deployments.
  4. On the right pane, click Install.
  5. On the Locate deployment to install and prepare for deployment page, in the Path field, enter OIM_HOME\server\apps. For example, D:\my_install\middleware\Oracle_IDM1\server\apps.
  6. In the region following the Current Location field, select spml-dsml.ear and then click Next.
  7. On the Choose targeting style page, click Next to accept the default selection and proceed with installation.
  8. On the Select deployment targets page, in the Available targets for spml-dsml region, select oim_server1 if Oracle Identity Manager is installed in a nonclustered environment. Otherwise, select oim_cluster.
  9. Click Next.
  10. On the Optional Settings page, in the Source accessibility region, select I will make the deployment accessible from the following location, and then click Next.
  11. On the Review your choices and click Finish page, verify the data that you have provided, and then click Finish.
  12. On the Settings for spml-dsml page, review the configuration information of the deployed SPML-DSML Service, and then click Save.
  13. In the Change Center region, click Activate Changes for the changes to take effect.
  14. On the left pane, in the Domain Structure region, click Deployments.
  15. On the right pane, in the Deployments table, select spml-dsml, and then from the Start list, select Servicing all requests.
    The SPML-DSML Service is started.
  
Step 7 : Open the Run command, type "regedit", and search for "Install" or go to the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync\Install
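
A read-only check of the registry values from Steps 5 to 7 and of TCP reachability to the OIM managed server, written for the PowerShell 2.0 that ships with Windows Server 2008 R2. This is an added example, not part of the original post or of Oracle's connector; the value names are the ones listed in the steps above, and Get-SyncValue is a hypothetical helper name.

```powershell
# Added example (read-only). Value names are the ones listed in Steps 5 and 6;
# confirm them against what regedit shows on your own server.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync'
$findings = @()

function Get-SyncValue([string]$SubKey, [string]$Name) {   # hypothetical helper
    $item = Get-ItemProperty -Path (Join-Path $base $SubKey) -ErrorAction SilentlyContinue
    if ($item) { $prop = $item.PSObject.Properties[$Name]; if ($prop) { return $prop.Value } }
    return $null
}

foreach ($key in 'ADConfig', 'OIMConfig', 'Install') {
    if (-not (Test-Path (Join-Path $base $key))) { $findings += "Missing registry key: $key" }
}

if (-not (Get-SyncValue 'ADConfig' 'ADPersistentStore')) { $findings += 'ADPersistentStore is not set' }

$log     = Get-SyncValue 'ADConfig' 'Log'
$logPath = Get-SyncValue 'ADConfig' 'LogPath'
if ("$log" -eq 'Y') {
    if (-not $logPath -or -not (Test-Path $logPath)) { $findings += "Log is Y but LogPath '$logPath' does not exist" }
} else { $findings += "Logging is off (Log = '$log')" }

if ("$(Get-SyncValue 'OIMConfig' 'Disabled')" -eq '1') { $findings += 'Connector is disabled (Disabled = 1)' }

$oimHost = Get-SyncValue 'OIMConfig' 'OIMhost'
$oimPort = Get-SyncValue 'OIMConfig' 'OIMPort'
if ($oimHost -and $oimPort) {
    # TcpClient instead of Test-NetConnection, which PowerShell 2.0 does not have
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($oimHost, [int]$oimPort, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne(5000, $false)) { $client.EndConnect($pending) }
        else { $findings += "Timed out connecting to ${oimHost}:${oimPort}" }
    } catch {
        $findings += "Cannot reach ${oimHost}:${oimPort}: $($_.Exception.Message)"
    } finally { $client.Close() }
} else { $findings += 'OIMhost or OIMPort is not set' }

if ($findings.Count -eq 0) { 'Password sync configuration looks consistent.' } else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Run it from an elevated PowerShell prompt on the server where the password sync connector is installed; it changes nothing and only reports findings.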

Step 8 : Reconfigure the IT Resources

  Set the Allow Password Provisioning parameter to no

Step 9 : Configure SSL


Step 10 : 




