Windows and Active Directory Integration
Hitachi ID Management Suite uses the NTLM client built into the Windows server OS to manage passwords on individual Windows servers and on Active Directory domains.
Integration with Active Directory domains is also supported using LDAPS to one or more domain controllers. Please note that use of LDAPS requires that an SSL certificate be installed on each target DC (Windows does not allow password to be set over plaintext LDAP).
Hitachi ID Management Suite can integrate with multiple domains, in multiple forests at the same time. Trust relationships are not required to do this.
Where Hitachi ID Password Manager is used to clear intruder lockouts, it can automatically choose appropriate domain controller(s) on which to do so, so as to expedite propagation.
No agent software is installed locally on Windows servers or domain controllers, to manage users or passwords on Windows or Active Directory.
A DLL can be installed on Windows servers and/or AD domain controllers to intercept native password changes, subject them to an extra password policy and trigger password synchronization.
Hitachi ID Identity Manager can also manage objects outside of AD that pertain to AD users -- such as home directory shares and folders, mailboxes on Exchange or other e-mail systems, etc.
Hitachi ID Management Suite connectors can create, delete, enable, disable, modify, rename and move users Kerberos users hosted on over 22 types of Unix systems and on on Windows 2000/2003/2008 servers and Active Directory domains. It creates new Windows users by cloning existing ones, copying and adjusting hundreds of native Windows, Active Directory and Exchange attributes in the process. It can also manage the membership of users in Windows and Active Directory groups.
When managing Windows/AD users, Hitachi ID Management Suite connectors can also create, update and move Exchange mailboxes; create, populate and set ACLs on Windows home directories and more. In other words, it can manage the entire Windows-platform user profile, rather than just AD user objects.