HP-UX Directory Server 8.1 administrator guide

9.3.3.2 Configuring user sync in the command line
To enable synchronization through the command line, add the required sync attributes to an
entry or create an entry with those attributes.
Three schema elements are required for synchronization:
• The ntUser object class
• The ntUserDomainId attribute, which gives the Windows ID
• The ntUserCreateNewAccount attribute, which signals the synchronization plug-in to synchronize the Directory Server entry over to Active Directory
For example:
ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com
dn: uid=scarter,ou=People,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: ntUser
-
add: ntUserDomainId
ntUserDomainId: Sam Carter
-
add: ntUserCreateNewAccount
ntUserCreateNewAccount: true
-
add: ntUserDeleteAccount
ntUserDeleteAccount: true
Many additional Windows and user attributes can be added to the entry. All of the schema which
is synchronized is listed in “User attributes synchronized between Directory Server and Active
Directory”. Windows-specific attributes, belonging to the ntUser object class, are described in
more detail in the HP-UX Directory Server schema reference.
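
The following is an added example, not part of the HP guide: a Python check over an LDIF export that reports, for each entry, which of the three required sync elements listed above are missing and whether ntUserDeleteAccount is set to true. The sample entries (including uid=bjensen and uid=tmorris) and the function names parse_ldif and audit_sync are constructed for illustration.

```python
import base64
import re

# Constructed sample of exported entries (illustrative, not real data).
SAMPLE = """\
dn: uid=scarter,ou=People,dc=example,dc=com
objectClass: ntUser
ntUserDomainId: Sam Carter
ntUserCreateNewAccount: true
ntUserDeleteAccount: true

dn: uid=bjensen,ou=People,dc=example,
 dc=com
objectClass: ntuser
ntUserDomainId:: YmplbnNlbg==

dn: uid=tmorris,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per entry that has a dn."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "")):  # unfold, then split
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_sync(text):
    """Map each DN to the sync elements it lacks and whether the delete flag is true."""
    report = {}
    for e in parse_ldif(text):
        has = lambda attr, want: want in (v.lower() for v in e.get(attr, []))
        missing = [] if has("objectclass", "ntuser") else ["ntUser"]
        if not any(e.get("ntuserdomainid", [])):
            missing.append("ntUserDomainId")
        if not has("ntusercreatenewaccount", "true"):
            missing.append("ntUserCreateNewAccount")
        report[e["dn"][0]] = {"missing": missing,
                              "delete_flag": has("ntuserdeleteaccount", "true")}
    return report
```

Calling audit_sync on an export of the user subtree gives a reviewable list of entries that are fully set up for sync and of entries that carry the delete flag. Attribute names and object class values are compared case-insensitively.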
9.3.4 Configuring user sync for Active Directory users
Synchronization for Windows users (users that originate in the Active Directory domain) is
configured in the sync agreement.
9.3.4.1 Configuring user sync in the console
1. Open the Configuration tab and expand the Replication folder.
2. Open the appropriate database, and select the sync agreement.
412 Synchronizing Directory Server with Microsoft Active Directory