Password Sync connector Installation and Upgrade

Install the Password Sync connector on the Active Directory domain controller.

1.       On the Microsoft Active Directory host computer, run the installer as follows:

a. Unzip MSFT_PSync_91150.zip to a temporary directory.

b. In the temporary directory, run the setup.exe file to start the installer.

2.       On the Welcome page, click Next.

3.       On the next page, click Next.

4.       On the screen, enter the installation path and click Next.

5.       On the Active Directory Configuration Parameters page, enter the below details.

Domain = xyz.com

Port = 389

Host = Domain Controller host name on which the connector installation is carried out.

Persistent Store = OU=OIMPS

click Next.

 

6.       On the second Active Directory Configuration Parameters page, enter values for the following fields:

User = oimpassword@xyz.com  < Active directory service account having administrator group access>

Password = <Account’s password>

Log File Path = Default Path < Or change it as per the standard >

click Next.

 

7.      On the Oracle Identity Manager Configuration Parameters page, specify the below values.

Host = oim.xyz.com < OIM Server Host >

Port = 443 < OIM Server Port >

Administrator Login = xelsysadm < OIM Admin account user Name >

Administrator Password = < Admin account’s password >

OIM User Attribute = Users.User ID <Attribute to link AD account with OIM User >

OIM Application Server Type =  Weblogic

UseSSL = Yes

Client Certificate Subject Name = *.xyz.com

click Next.

 

8.       On the Configuration Parameter Information page, enter values for the following fields.

Time Interval = 1 < seconds the connector sleeps between processing password change events >

Maximum Retry = 5

click Next.

 

9.       Click Next on Summary Page.

10.      Copy the oimadpwdsync10.dll and orclmessages.dll files from the Windows\SysWOW64 directory to the WINDOWS\system32 directory.

11.       Click Next to complete the installation and restart the server.

12.       Enable logging for the connector.

·         Open Registry Editor, using regedit command in Run dialog box.

·         Navigate to the following key to enable AD Logs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync\ADConfig

·         On the right pane, double-click the Log value. Enter Y in the dialog box.

·         Navigate to the following key to enable OIM Logs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync\OIMConfig

·         On the right pane, double-click the Log value. Enter Y in the dialog box.

·         Restart the servers.

 

13.       Apply the recommended patch or latest p27948293_91150_MSWIN-x86-64.zip.

·         Unzip the p27948293_91150_MSWIN-x86-64.zip file to a temporary location.

·         Copy %WINDIR%\System32\oimadpwdsync10.dll to a backup location.

·         Rename %WINDIR%\System32\oimadpwdsync10.dll to %WINDIR%\System32\oimadpwdsync10.dll_default.

·         Copy ExtractedPatchLocation\MSFT_AD_PSync_9.1.1.5.16\lib\win64\oimadpwdsync10.dll to %WINDIR%\System32

·         Modify ExtractedPatchLocation\MSFT_AD_PSync_9.1.1.5.16\Update_oimpwdsync.reg as per the requirement.

·         Run the Update_oimpwdsync.reg file.

·         Restart the server.
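
A read-only check for steps 12 and 13, added here as an example (it is not part of the original post or of Oracle's patch). It confirms that the DLL now in System32 is the one from the patch, that the pre-patch copy was kept, and that Log is set to Y under both registry keys. The default $PatchRoot value is a placeholder for ExtractedPatchLocation, and the function names are hypothetical.

```powershell
# Added verification example; not shipped with the connector or the patch.
# $PatchRoot is a placeholder for "ExtractedPatchLocation" from step 13.
param(
    [string]$PatchRoot = 'C:\Temp\ExtractedPatchLocation'   # assumed path, adjust
)

$installed = Join-Path $env:WINDIR 'System32\oimadpwdsync10.dll'
$backup    = "${installed}_default"
$patched   = Join-Path $PatchRoot 'MSFT_AD_PSync_9.1.1.5.16\lib\win64\oimadpwdsync10.dll'
$lsaBase   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync'

function Test-PatchedDll {
    # True only when the DLL in System32 is byte-identical to the patch DLL.
    if (-not (Test-Path $installed) -or -not (Test-Path $patched)) { return $false }
    $a = (Get-FileHash -Path $installed -Algorithm SHA256).Hash
    $b = (Get-FileHash -Path $patched   -Algorithm SHA256).Hash
    return $a -eq $b
}

function Get-LogSetting([string]$SubKey) {
    # Returns the Log value under ADConfig or OIMConfig, or $null if it is missing.
    $key = "$lsaBase\$SubKey"
    (Get-ItemProperty -Path $key -Name Log -ErrorAction SilentlyContinue).Log
}

$report = [ordered]@{
    'Patched DLL in System32'        = Test-PatchedDll
    'Pre-patch DLL kept (_default)'  = Test-Path $backup
    'ADConfig  Log = Y'              = (Get-LogSetting 'ADConfig')  -eq 'Y'
    'OIMConfig Log = Y'              = (Get-LogSetting 'OIMConfig') -eq 'Y'
}

# Print one line per check and fail the script if any check is false.
$report.GetEnumerator() | ForEach-Object { '{0,-32} {1}' -f $_.Key, $_.Value }
if ($report.Values -contains $false) { exit 1 }
```

Run it from an elevated PowerShell prompt on the domain controller after the final restart; it only reads files and registry values.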

Testing

1.       Change a User’s Password on the Domain Controller Active Directory.

2.       Verify the logs are populated accordingly.

3.       Verify that the user can log in to OIM with the updated password.

End User Testing

1)      Windows password change should be propagated to OIM and user can login with the changed Password.

