The former Sun Identity Synchronization for Windows (IDSync) can help you migrate your users' passwords from Sun DS 5.2 to Windows AD, and it also has some nice features. It's also a simple solution to a common problem, in comparison with IDM software (from any vendor), which will also do the job but which you probably don't want to deploy just for AD to/from Sun DS synchronization, since the ROI would be discouraging.

So, basically, if you don't want to upgrade or migrate your Sun DS 5.2 directory, you can safely choose IDSync. It will often be one of the cheapest Sun DS 5.2 to/from AD password synchronization solutions (including services and licence costs), and also probably one of the best in terms of ROI, but beware of:

- the vendor proposed support, if any (probably quite expensive now that Sun belongs to Oracle)

- high availability: IDSync is designed for high availability, in some use cases at least, so carefully check your requirements and what IDSync can or cannot do from that perspective.

IDSync has also been bundled with Sun DS since v6 (= Sun DSEE 6) and still exists in DSEE v7.0. As far as I know, Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1), which corresponds to DSEE 7.0 update 1, is still bundled with that synchronization solution.

Please note that ODSEE 11gR1 is different from Oracle's virtual directory which probably also contains a synchronization solution from/to AD, but it's of course designed to synchronize with Oracle's directory solution.

To answer the primary question of initial password synchronization from Sun DS 5.2 to AD without a password reset: IDSync won't do the job without resetting those passwords or without forcing users to change them. Basically, with IDSync, your passwords can be synchronized on the fly once they've been synchronized once, but IDSync won't help you for that first time. As described above, you need to capture your users' passwords (so you need them to type them into a web interface, for example) and then you can push them to AD through LDAPS. For example, if you've got a webmail interface that authenticates your users to Sun DS, you can possibly hack the webmail system to do the job. Careful planning is also needed between the initial password synchronization and the real-time synchronization solution that then takes over.
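
The push to AD through LDAPS mentioned in this answer, as an added example (not code from the original post): AD takes a password write as the `unicodePwd` attribute, the password wrapped in double quotes and encoded as UTF-16LE, and only accepts it over an encrypted connection. The function names are hypothetical, and the DN, host and password are constructed sample values.

```python
import base64
from urllib.parse import urlparse


def require_ldaps(url: str) -> str:
    """Accept only ldaps:// targets: AD refuses unicodePwd writes in cleartext."""
    parts = urlparse(url)
    if parts.scheme.lower() != "ldaps" or not parts.hostname:
        raise ValueError(f"refusing non-LDAPS target: {url!r}")
    return url


def encode_unicode_pwd(password: str) -> bytes:
    """Build the unicodePwd value: the quoted password, encoded UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")


def ldif_line(attr: str, value: str) -> str:
    """Emit 'attr: value', or base64 'attr:: ...' when value is not LDIF-safe."""
    safe = (value.isascii() and value[:1] not in (" ", ":", "<")
            and not value.endswith(" ")
            and not any(c in value for c in "\r\n\0"))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def password_set_ldif(user_dn: str, password: str) -> str:
    """LDIF modify record that replaces unicodePwd (an administrative set)."""
    pwd_b64 = base64.b64encode(encode_unicode_pwd(password)).decode("ascii")
    return "\n".join([
        ldif_line("dn", user_dn),
        "changetype: modify",
        "replace: unicodePwd",
        f"unicodePwd:: {pwd_b64}",
        "-",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample values, not taken from the original post.
    require_ldaps("ldaps://dc1.example.test:636")
    print(password_set_ldif("CN=Jane Doe,OU=Staff,DC=example,DC=test", "Ab1!"))
```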