Red Hat Directory Server 8.0 Administrator's Guide
Synchronizing Red Hat Directory Server with Microsoft Active Directory
The Windows Sync feature allows synchronization of adds, deletes, and changes in groups,
users, and passwords between Red Hat Directory Server and Microsoft Active Directory. It
provides an efficient and effective way to maintain consistent information across directories.
1. About Windows Sync
Synchronization allows the user and group entries in Active Directory to be matched with the
entries in the Red Hat Directory Server. As entries are created, modified, or deleted, the
corresponding change is made to the sync peer server, allowing two-way synchronization of
users, passwords, and groups.
The synchronization process is analogous to the replication process: synchronization is
enabled by a plug-in and is configured and initiated through a sync agreement; a record of
directory changes is maintained, and updates are sent according to that changelog. This
synchronizes users and groups between Directory Server and a Windows server.
Windows Sync has two parts, the sync service for directory entries and the sync service for
passwords:
• Directory Server Windows Sync. The Directory Server leverages the Multi-Master Replication
Plug-in to synchronize user and group entries. The same changelog that is used for
multi-master replication is also used to send updates from the Directory Server to Active
Directory as an LDAP operation. The server also performs LDAP search operations against
its Windows server to synchronize changes made to Windows entries to the corresponding
Directory Server entry. This is illustrated in Figure 19.1, “Active Directory - Directory Server
Synchronization Process”.
Chapter 19.