Chapter 6. Synchronizing Active Directory and Identity Management Users
This chapter describes synchronization between Active Directory and Red Hat Enterprise Linux Identity Management. Synchronization is one of the two methods for indirect integration of the two environments. For details on the cross-forest trust, which is the other, recommended method, see Chapter 5, Creating Cross-forest Trusts with Active Directory and Identity Management. If you are unsure which method to choose for your environment, read Section 1.3, “Indirect Integration”.
Identity Management uses synchronization to combine the user data stored in an Active Directory domain and the user data stored in the IdM domain. Critical user attributes, including passwords, are copied and synchronized between the services.
Entry synchronization is performed through a process similar to replication, which uses hooks to connect to and retrieve directory data from the Windows server.
Password synchronization is performed through a Windows service (PassSync) which is installed on the Windows server and then communicates with the Identity Management server.
6.1. Supported Windows Platforms
Synchronization is supported with Active Directory forests that use the following forest and domain functional levels:
- Forest functional level range: Windows Server 2008 - Windows Server 2012 R2
- Domain functional level range: Windows Server 2008 - Windows Server 2012 R2
The following operating systems are explicitly supported and tested for synchronization at the functional levels listed above:
- Windows Server 2012 R2
- Windows Server 2016
PassSync 1.1.5 or later is compatible with all supported Windows Server versions.
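Before configuring synchronization, it is worth confirming from the Windows side that the forest and domain functional levels actually fall inside the range listed above, and which operating systems the domain controllers run. The following PowerShell check is an added example and is not part of the Red Hat documentation or of the PassSync or IdM tooling. It assumes the RSAT ActiveDirectory module is installed, that the account has read access to the directory, and that the functional-level names are those of the module's ADForestMode and ADDomainMode types.

```powershell
# Added example (not from the Red Hat documentation): verify that an Active
# Directory forest and domain are at a functional level within the range this
# chapter lists as supported for synchronization (Windows Server 2008 - 2012 R2).
# Assumes the RSAT ActiveDirectory module and read access to the directory.
Import-Module ActiveDirectory

# Functional levels the chapter names as supported: Windows Server 2008 through 2012 R2.
# The value names are those of the ActiveDirectory module's ADForestMode/ADDomainMode types.
$supportedForestModes = @('Windows2008Forest', 'Windows2008R2Forest', 'Windows2012Forest', 'Windows2012R2Forest')
$supportedDomainModes = @('Windows2008Domain', 'Windows2008R2Domain', 'Windows2012Domain', 'Windows2012R2Domain')

$forest = Get-ADForest
$domain = Get-ADDomain

$forestMode = $forest.ForestMode.ToString()
$domainMode = $domain.DomainMode.ToString()

Write-Host "Forest $($forest.Name): functional level $forestMode"
Write-Host "Domain $($domain.DNSRoot): functional level $domainMode"

$ok = $true
if ($supportedForestModes -notcontains $forestMode) {
    Write-Warning "Forest functional level $forestMode is outside the range supported for synchronization."
    $ok = $false
}
if ($supportedDomainModes -notcontains $domainMode) {
    Write-Warning "Domain functional level $domainMode is outside the range supported for synchronization."
    $ok = $false
}

# Report the operating system of every domain controller, since the chapter lists
# only Windows Server 2012 R2 and 2016 as explicitly tested for synchronization.
Get-ADDomainController -Filter * |
    Select-Object HostName, OperatingSystem, OperatingSystemVersion |
    Format-Table -AutoSize

if ($ok) {
    Write-Host "Forest and domain functional levels are within the range supported for synchronization."
} else {
    exit 1
}
```

Run the script on a domain-joined Windows host with RSAT installed; a non-zero exit code indicates that at least one functional level is outside the supported range, and the domain controller listing lets you compare each server's operating system against the two explicitly tested versions.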