1 Reply Latest reply: Oct 6, 2004 12:02 AM by 807573 RSS

    bi-directional synch between AD and DS5.1 using meta5.1.1

    807573
      Hello, i am very new to the forums and would like to say hello to everyone and start with a question.

      we currently have a couple instances if DS 5.1 in our company. we use meta 5.1.1 to sync the ds instances as well as a few oracle DB's. we do not have any integration into AD and are trying to plan the best possible way to create a bi-directional connection into AD-2000.

      we would like to recieve eMail addresses from AD as well as a few other attributes and flow our employee attribs over into AD using UID (also AD login) as the key. these changes are currently being addresses via a manual reconcile.

      We also have plans on bringing in identity manager as part of another project and have been talking about upgrading our meta instance to identity manager(i believe this is the next natural progression).

      here is my confusion, please forgive my ignorance regarding this. I have only recently been given these responisbilities.

      -will identity manager replace all the functionality of meta 5.1.1?

      -can i natively (no 3rd party products) connect AD and IDMgr and do bi-directional flows?

      -would that connection require an addictional windows server?

      -can this be done using meta v5.1.1, if so what is the recommended connection method?

      -any other recoomendations you could make that i should take into consideration before undergoing this project?

      -lastly, would it make more sense to wait until we have upgraded to IDMgr to start the synching the two systems, AD and our instance of META/DS

      thanks in advance!
        • 1. Re: bi-directional synch between AD and DS5.1 using meta5.1.1
          807573
          Wecome to the gang!

          -will identity manager replace all the functionality of meta 5.1.1?
          A: Yes, and add many more like provisioning, delegated admin, RBAC, self service, password management, and tons of OOTB connectors.

          -can i natively (no 3rd party products) connect AD and IDMgr and do bi-directional flows?
          A: Yes

          -would that connection require an addictional windows server?
          A: If you plan to deploy Identity manager on a non windows platform, then you need to run a 'Gateway' process on a windows platform. This Gateway can be on any wndows machine that is part of the AD domain (it can be the AD DC itself)

          -can this be done using meta v5.1.1, if so what is the recommended connection method?
          A: You can do bi directional sycn with Meta's AD Connector (no passwords), but here again the requirement is that you can run the connector only on a wondows box (ADSI translation)

          -any other recoomendations you could make that i should take into consideration before undergoing this project?
          A: If you are going for Identity Manager, then I suggest you do a full scoping and phased deployment. Many companies are doing identity management in its true sense (not merely sync), and realising good value.

          -lastly, would it make more sense to wait until we have upgraded to IDMgr to start the synching the two systems, AD and our instance of META/DS
          A: I think so

          thanks in advance!

          You're welcome!!
          Suveer Chainani