Manualshelf

HP-UX Directory Server 8.1 deployment guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server
919293949596979899100
Figure 7-1 Multi-master Directory Server Windows domain synchronization
Only create one synchronization agreement to any given Windows domain. To propagate the
changes and information synchronized from the Windows server throughout the Directory
Server, create the synchronization agreement with a multi-master supplier, preferably a data
master for the replication deployment.
7.2.7 Identifying the directory data to synchronize
Windows Sync synchronizes user and group entries between directory services. After deciding
which subtrees to synchronize, plan the information to store in those subtrees, such as the
following:
Contact information for directory users and employees, such as telephone numbers, home
and office addresses, and email addresses.
Contact information for trading partners, clients, and customers.
Users software preferences or software configuration information.
Group information and group membership.
Group members are synchronized only if they are within the synchronized suffix. Group
members that are not within the scope of the agreement are left unchanged on both sides;
that is, they are listed as members of the group on the appropriate directory service, but
their member attribute in the group entry is not synchronized with the synchronization peer.
Which entries are synchronized is set in the synchronization agreement. User entries are
synchronized separately from group entries. Additionally, deleting entries is configured
separately; deletions have to be specifically synchronized.
In the Directory Server, only entries that contain the ntGroup or ntUser object classes and
required attributes are synchronized; determine what existing and future entries should be
synchronized with the Windows server.
After determining what entries should be present in the directory, determine what attributes of
these objects need to be maintained in the directory. Only a subset of the possible attributes for
Directory Server or for Active Directory are synchronized. Additionally, this subset of attributes
can be limited even more by excluding certain attributes through the sync agreement (fractional
synchronization).
7.2 Planning windows synchronization 97