Red Hat Directory Server 8.0 Administrator's Guide

Section 3.5, “Manually Updating and Resynchronizing Entries”
Section 3.6, “Checking Synchronization Status”
Section 3.7, “Modifying the Sync Agreement”
3.1. Synchronizing Users
If the sync agreement was created with the option to synchronize new Windows users enabled, all
existing Windows users are synchronized to the Directory Server at the first total update (when
synchronization begins). After that, when a new Windows user account is created, a corresponding
entry is automatically created on the peer Directory Server. If an existing sync agreement is
modified to begin synchronizing users, the Windows users are added to the Directory Server
after the next total update.
A new Directory Server user account is synchronized to the Windows server only if the new Directory
Server entry has the ntUser object class and its ntUserCreateNewAccount attribute is set to true.
New users created on the Directory Server with the ntUser object class are synchronized to the
Windows machine at the next regular update; existing users to which the ntUser object class is
added later are synchronized at the next total update.
A special schema is applied to synchronized user entries in the Directory Server. This schema
is similar, but not identical, to the one used by Netscape Directory Server 4.x NT Synchronization.
All synchronized entries in the Directory Server, whether they originated in the Directory Server
or in Active Directory, carry the following synchronization attributes:
ntUniqueId. This contains the value of the objectGUID attribute of the corresponding
Windows entry. It is set by the synchronization process and must not be set or modified
manually; a wrong value breaks the mapping between the two entries.
ntUserDomainId. This corresponds to the sAMAccountName attribute of the Active Directory
entry, that is, the Windows logon name.
ntUserDeleteAccount. This attribute is set automatically when a Windows entry is synchronized
over but must be set manually on Directory Server entries. If ntUserDeleteAccount has the value
true, the corresponding Windows entry is deleted when the Directory Server entry is
deleted; if it is absent or false, deleting the Directory Server entry leaves the Windows account in place.
Setting ntUserCreateNewAccount and ntUserDeleteAccount on Directory Server entries gives
the Directory Manager fine-grained control over which users within the synchronized
subtree are created and removed on Active Directory, similar to choosing in the sync agreement
whether to synchronize new Windows users.
When creating a Directory Server user in the Console (see Section 1.2, “Creating Directory
Entries”), the New User dialog has an NT User tab. Filling in that tab adds the ntUser object
class and the Windows attributes described above automatically.
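Because the attributes above decide whether a Directory Server user ever reaches Active Directory, and whether its Windows account is removed again when the Directory Server entry goes away, it is worth checking an export of the synchronized subtree for entries that are missing them. The script below is an added example, not code from Red Hat Directory Server or this guide: it parses an LDIF export, reports per entry which sync-control attributes are missing or not set to true, and lists the entries whose Windows account would be left behind on deletion. It assumes ntUserDomainId as the attribute that maps to sAMAccountName (the required attribute of the ntUser object class); SAMPLE_LDIF is constructed data, and its ntUniqueId value is a placeholder that the script only tests for presence.

```python
"""Audit an LDIF export of the synchronized subtree for the Windows-sync
control attributes (ntUser, ntUserCreateNewAccount, ntUserDeleteAccount,
ntUserDomainId, ntUniqueId). Added example, not Directory Server code;
SAMPLE_LDIF is constructed data."""
import base64

NOT_NTUSER = "not synchronized: ntUser object class missing"
NO_DOMAIN_ID = "ntUserDomainId missing: no sAMAccountName to map to"
NO_CREATE = "ntUserCreateNewAccount is not true: no Windows account will be created"
NO_DELETE = "ntUserDeleteAccount is not true: deleting this entry leaves the Windows account in place"
PENDING = "ntUniqueId not yet set: entry has not completed a synchronization"

# Constructed sample export (assumed data): one fully configured user, one
# without delete propagation, one with creation disabled, one not synced at all.
SAMPLE_LDIF = """\
dn: uid=jsmith,ou=People,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
objectClass: ntUser
uid: jsmith
cn: John Smith
sn: Smith
ntUserDomainId: jsmith
ntUserCreateNewAccount: true
ntUserDeleteAccount: true
ntUniqueId: 5d4e3f2a1b0c9d8e7f6a5b4c3d2e1f00

dn: uid=bjones,ou=People,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
objectClass: ntUser
uid: bjones
cn:: QmFyYmFyYSBKb25lcw==
sn: Jones
ntUserDomainId: bjones
ntUserCreateNewAccount: true

dn: uid=tmp1,ou=People,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
objectClass: ntUser
uid: tmp1
cn: Temp Account
sn: Account
ntUserDomainId: tmp1
ntUserCreateNewAccount: false

dn: uid=local1,ou=People,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
uid: local1
cn: Local Only
sn: Only
"""


def _lines_to_entry(lines):
    """Turn the logical lines of one LDIF record into {attr: [values]}.
    Attribute names are lower-cased (LDAP attribute types are case-insensitive);
    'attr:: value' carries a base64-encoded value."""
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        entry.setdefault(name.strip().lower(), []).append(value)
    return entry


def parse_ldif(text):
    """Minimal LDIF reader: blank lines separate records, a leading space
    folds a line onto the previous one, '#' lines are comments."""
    entries, logical = [], []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        elif raw == "":
            if logical:
                entries.append(_lines_to_entry(logical))
                logical = []
        elif not raw.startswith("#"):
            logical.append(raw)
    if logical:
        entries.append(_lines_to_entry(logical))
    return entries


def _is_true(entry, attr):
    return any(v.lower() == "true" for v in entry.get(attr, []))


def audit_entry(entry):
    """Findings for one entry; an empty list means it is fully set up."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "ntuser" not in classes:
        return [NOT_NTUSER]
    findings = []
    if not entry.get("ntuserdomainid"):
        findings.append(NO_DOMAIN_ID)
    if not _is_true(entry, "ntusercreatenewaccount"):
        findings.append(NO_CREATE)
    if not _is_true(entry, "ntuserdeleteaccount"):
        findings.append(NO_DELETE)
    if _is_true(entry, "ntusercreatenewaccount") and not entry.get("ntuniqueid"):
        findings.append(PENDING)
    return findings


def audit(ldif_text):
    """Map each DN in the export to its list of findings."""
    return {e["dn"][0]: audit_entry(e) for e in parse_ldif(ldif_text)}


def orphan_candidates(ldif_text):
    """DNs whose Windows account exists (ntUniqueId set) or will be created
    (ntUserCreateNewAccount true) but would survive deletion of the DS entry."""
    result = []
    for e in parse_ldif(ldif_text):
        findings = audit_entry(e)
        if NO_DELETE in findings and (
                _is_true(e, "ntusercreatenewaccount") or e.get("ntuniqueid")):
            result.append(e["dn"][0])
    return result
```

Run it against a real export (for example the output of ldapsearch -LLL over the synchronized subtree saved to a file) by passing the file contents to audit() and orphan_candidates(); the orphan list is the one to act on before offboarding, since those Windows accounts would stay enabled after the Directory Server entry is removed.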
Chapter 19. Synchronizing Red Hat Directory Server with Microsoft Active Directory
528