The following security considerations are implemented for the Identity Manager Multi-Domain Active Directory driver:
The driver synchronizes passwords from Active Directory (AD) domain controllers using encryption.
Data transfer between the engine and the Remote Loader must be performed using SSL.
The Windows Cryptography API is used to encrypt Active Directory passwords before synchronization.
Communication between the driver shim and AD servers happens in a secure mode if the driver is running on a member server.
The driver uses Microsoft System.Security SecureString to encrypt user passwords in memory.
The driver requires authorized AD accounts to read and make changes in AD.