B.2 Understanding DSfW in Relation to IDM

IDM is a data sharing and synchronization service that enables applications, directories, and databases to share information. It links scattered information and enables you to establish policies that govern automatic updates to designated systems when identity changes occur. On the other hand DSfW allows Microsoft Windows users to work in a pure Windows desktop environment and still take advantage of some OES back-end services and technology, without the need for a Client for Open Enterprise Server on the desktop.

The following table analyses the features of DSfW and IDM.

Table B-2 DSfW and IDM





Synchronization of user data and credentials between directory services and databases.

Allows existing eDirectory users or new DSfW users to access OES services as well as Microsoft Active Directory environment services with the help of trust.

Storage of user data

Data is duplicated across directory services.

Data is stored in eDirectory, but the DSfW suite of services make it possible for the data to be accessed and retrieved from Active Directory environment.


Can be managed from iManager.

DSfW can be managed from Microsoft MMC as well as eDirectory web management tools like iManager. So any Windows member server/client joined to the DSfW domain will be able to use the power of Active Directory which means share creation, assigning various access rights, managing users, trusts, group policies will be very much seamless. In DSfW the Samba-3 shares and access rights can be managed by eDirectory web based management i.e iManager.

Group Policy

No support for Group Policy.

Supports Group Policies. For more information, see Managing Group Policy and Fine-Grained Password Policy Settings


No concept of trusts. Data is duplicated and the access rights are evaluated on the local server.

Trusts are supported. This makes accessing inter-forest or inter-domain resources possible.Supports the following forms of trusts:

  • External Trusts

  • Forest Trusts

  • Realm Trusts

For more information see, Managing Trust Relationships in Domain Services for Windows