Password Sync connector Installation and Upgrade

Install the Password Sync connector on the Active Directory domain controller.

1.       On the Microsoft Active Directory host computer, run the installer as follows:

a. Unzip MSFT_PSync_91150.zip to a temporary directory.

b. In the temporary directory, run the setup.exe file to start the installer.

2.       On the Welcome page, click Next.

3.       On the next page, click Next.

4.       On the screen, enter the installation path and click Next.

5.       On the Active Directory Configuration Parameters page, enter the following details:

Domain = xyz.com

Port = 389

Host = Domain Controller host name on which the connector installation is carried out.

Persistent Store = OU=OIMPS

click Next.

 

6.       On the second Active Directory Configuration Parameters page, enter values for the following fields:

User = oimpassword@xyz.com  < Active directory service account having administrator group access>

Password = <Account’s password>

Log File Path = Default Path < Or change it as per the standard >

click Next.

 

7.      On the Oracle Identity Manager Configuration Parameters page, specify the below values.

Host = oim.xyz.com < OIM Server Host >

Port = 443 < OIM Server Port >

Administrator Login = xelsysadm < OIM Admin account user Name >

Administrator Password = < Admin account’s password >

OIM User Attribute = Users.User ID <Attribute to link AD account with OIM User >

OIM Application Server Type =  Weblogic

UseSSL = Yes

Client Certificate Subject Name = *.xyz.com

click Next.

 

8.       On the Configuration Parameter Information page, enter values for the following fields.

Time Interval = 1 < seconds the connector sleeps between processing password change events >

Maximum Retry = 5

click Next.

 

9.       Click Next on Summary Page.

10.      Copy the oimadpwdsync10.dll and orclmessages.dll files from the Windows\SysWOW64 directory to the WINDOWS\system32 directory.

11.       Click Next to complete the installation and restart the server.

12.       Enable logging for the connector.

·         Open Registry Editor, using regedit command in Run dialog box.

·         Navigate to the following key to enable AD Logs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync\ADConfig

·         On the right pane, double-click the Log value. Enter Y in the dialog box.

·         Navigate to the following key to enable OIM Logs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync\OIMConfig

·         On the right pane, double-click the Log value. Enter Y in the dialog box.

·         Restart the servers.

 

13.       Apply the recommended patch or latest p27948293_91150_MSWIN-x86-64.zip.

·         Unzip the p27948293_91150_MSWIN-x86-64.zip file to a temporary location.

·         Copy %WINDIR%\System32\oimadpwdsync10.dll to a backup location.

·         Rename %WINDIR%\System32\oimadpwdsync10.dll to %WINDIR%\System32\oimadpwdsync10.dll_default.

·         Copy ExtractedPatchLocation\MSFT_AD_PSync_9.1.1.5.16\lib\win64\oimadpwdsync10.dll to %WINDIR%\System32

·         Modify ExtractedPatchLocation\MSFT_AD_PSync_9.1.1.5.16\Update_oimpwdsync.reg as per the requirement.

·         Run the Update_oimpwdsync.reg file.

·         Restart the server.
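
The DLL replacement in step 13, as an added PowerShell example (not part of the original page or of the patch's own instructions): it backs up, renames and copies the DLL in the order given, then checks by SHA-256 that the file now in System32 is the one from the patch archive and reads back the Log values from step 12. $ExtractedPatchLocation and $BackupDir are operator-supplied assumptions; run it from an elevated 64-bit PowerShell session.

```powershell
# Added example: scripted form of the step 13 DLL replacement, with integrity checks.
# Assumption: $ExtractedPatchLocation and $BackupDir are chosen by the operator.
param(
    [Parameter(Mandatory)] [string] $ExtractedPatchLocation,
    [Parameter(Mandatory)] [string] $BackupDir
)
$ErrorActionPreference = 'Stop'

# A 32-bit process is redirected from System32 to SysWOW64, so the copy would land in the wrong place.
if (-not [Environment]::Is64BitProcess) { throw 'Run from a 64-bit PowerShell session.' }

$dllName   = 'oimadpwdsync10.dll'
$installed = Join-Path $env:WINDIR "System32\$dllName"
$patched   = Join-Path $ExtractedPatchLocation "MSFT_AD_PSync_9.1.1.5.16\lib\win64\$dllName"
$default   = "${installed}_default"

# Refuse to start if an input is missing or an earlier run left a _default copy behind.
if (-not (Test-Path -LiteralPath $installed)) { throw "Not found: $installed" }
if (-not (Test-Path -LiteralPath $patched))   { throw "Not found: $patched" }
if (Test-Path -LiteralPath $default)          { throw "Already exists: $default" }

# Record what is being replaced and what replaces it.
$oldHash = (Get-FileHash -LiteralPath $installed -Algorithm SHA256).Hash
$newHash = (Get-FileHash -LiteralPath $patched   -Algorithm SHA256).Hash
$sig     = Get-AuthenticodeSignature -FilePath $patched   # reported only, not enforced

# Backup, rename, copy: the order given in step 13.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
Copy-Item   -LiteralPath $installed -Destination (Join-Path $BackupDir $dllName)
Rename-Item -LiteralPath $installed -NewName "${dllName}_default"
Copy-Item   -LiteralPath $patched   -Destination $installed

# The file now in System32 must be byte-identical to the one from the patch archive.
$nowHash = (Get-FileHash -LiteralPath $installed -Algorithm SHA256).Hash
if ($nowHash -ne $newHash) { throw "Hash mismatch after copy: $installed" }

# Read back the Log values from step 12 on both keys (expected: Y).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync'
$log = foreach ($k in 'ADConfig', 'OIMConfig') {
    [pscustomobject]@{ Key = $k; Log = (Get-ItemProperty -Path "$base\$k" -Name Log).Log }
}

[pscustomobject]@{
    PreviousSha256 = $oldHash
    PatchedSha256  = $newHash
    SignatureState = $sig.Status
} | Format-List
$log | Format-Table -AutoSize
# Editing and running Update_oimpwdsync.reg and the restart remain manual steps.
```

Keep the printed hashes with the change record so the DLL loaded on the domain controller can later be compared against the patched file.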

Testing

1.       Change a User’s Password on the Domain Controller Active Directory.

2.       Verify the logs are populated accordingly.

3.       The user can log in to OIM with the updated password.

End User Testing

1)      A Windows password change should be propagated to OIM, and the user can log in with the changed password.


SQL Queries

Meaning of the tables used in the SQL queries:


OBJ- resource object information

App_instance -  application instance information

EVT - Defines event handlers by providing a process and class name. In addition, the time at which the event handler can execute is set to pre (insert, update, delete) or post (insert, update, delete).

PKD - Package dependency table holds the dependency relationships between child packages of a parent package

PKG - Consists of names and system keys of service processes, which consist of a group of services from the TOS table. Defines a Process in Xellerate.

TOS - Holds information about a process.

SDK - User-defined data object metadata definition.

SRE - Defines which pre-populate rule generator will run for a field of a user-defined data object.

ADP - Defines an adapter created through the Adapter Factory.

RAV - Stores the runtime data mappings for 'Pre-populate' adapters. The data source being an Xellerate form or child table, or a user defined form.

ADV - Adapter variable table contains variables that have been created for specific adapters.

SDC - Column Metadata.

MIL - Holds information about tasks of a process


Different process tasks and mapped adapters in any process definition of a resource:
select mil.mil_name,evt.evt_name,obj.obj_name 
from obj join pkg on  pkg.obj_key=obj.obj_key join tos on tos.pkg_key=pkg.pkg_key join mil on
mil.tos_key=tos.tos_key  left outer join evt on mil.evt_key=evt.evt_key
where obj.obj_name='<Resource Object Name>';

Process forms attached to Resource Objects based on app display name :
select obj_name,sdk_name 
from 
tos,pkg,sdk,obj, app_instance where tos.pkg_key=pkg.pkg_key
and tos.sdk_key=sdk.sdk_key and obj.obj_key=app_instance.object_key
and PKG.OBJ_KEY=obj.obj_key and APP_INSTANCE_DISPLAY_NAME='<Application Instance Name>';

Pre-populate Adapter and Adapter Mapping  of  process form :
select  sdc_label,adp.adp_name, rav_map_to,rav_map_qualifier,rav_map_value,sre_order
from
sre, sdk, evt , adp, rav,  adv, sdc  where sre.SDK_KEY=sdk.sdk_key and sre.EVT_KEY=evt.evt_key
and adp.EVT_KEY=evt.evt_key and rav.SRE_KEY=sre.sre_key and sdc.SDC_NAME=sre.sre_sdc_name
and rav.adv_key=adv.adv_key and adv.adp_key=adp.adp_key
and sdk.sdk_name='<Process Form Name>' order by sre_order asc;

Basic Performance Tuning for Stuck Threads and Response Times

Documentation for performance tuning: https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/asper/redundant-cross-references-remo...