Red Hat Directory Server 8.0 Administrator's Guide
deleted if the deleted entry has the ntUserDeleteAccount or ntGroupDeleteAccount attribute
set to true.
NOTE
When a Directory Server entry is synchronized over to Active Directory for the
first time, Active Directory automatically assigns it a unique ID. At the next
synchronization interval, the unique ID is synchronized back to the Directory
Server entry and stored as the ntUniqueId attribute. If the Directory Server entry
is deleted on Active Directory before the unique ID is synchronized back to
Directory Server, the entry will not be deleted on Directory Server. Directory
Server uses the ntUniqueId attribute to identify and synchronize changes made
on Active Directory to the corresponding Directory Server entry; without that
attribute, Directory Server will not recognize the deletion.
To delete the entry on Active Directory and then synchronize the deletion over to
Directory Server, wait five minutes so that the ntUniqueId attribute is
synchronized, and then delete the entry.
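The practical consequence of this note is an administrative check: before an entry that is flagged to propagate deletions (ntUserDeleteAccount or ntGroupDeleteAccount set to true) is removed on the Active Directory side, its Directory Server counterpart should already carry an ntUniqueId. The script below is an added example, not part of the Administrator's Guide or of Directory Server itself. It parses a constructed LDIF export (such as the output of an ldapsearch against the synchronized subtree) and lists the entries that would be deleted on Active Directory without the deletion ever being mirrored to Directory Server. The sample entries, DNs and ID values are invented for the example.

```python
import base64

# Constructed sample LDIF, modelled on the attributes the guide names.
# None of these are real directory entries; the ntUniqueId values are made up.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: ntUser
uid: jdoe
ntUserDomainId: jdoe
ntUserDeleteAccount: true
ntUniqueId: 0123456789abcdef0123456789abcdef

dn: uid=asmith,ou=People,dc=example,dc=com
objectClass: ntUser
uid: asmith
ntUserDomainId: asmith
ntUserDeleteAccount: true

dn: cn=Engineering,ou=Groups,dc=example,dc=com
objectClass: ntGroup
cn: Engineering
ntGroupDeleteAccount:: dHJ1ZQ==
ntUniqueId: fedcba9876543210fedcba9876543210
"""

DELETE_FLAGS = ("ntuserdeleteaccount", "ntgroupdeleteaccount")


def parse_ldif(text):
    """Parse LDIF text into a list of entries.

    Each entry is a dict mapping the lower-cased attribute name to a list
    of string values.  Folded lines (continuation lines beginning with a
    space) are joined, and base64 values (introduced by '::') are decoded.
    """
    logical_lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical_lines:
            logical_lines[-1] += raw[1:]          # unfold continuation line
        else:
            logical_lines.append(raw)

    entries, current = [], {}
    for line in logical_lines:
        if line.startswith("#"):
            continue                              # LDIF comment
        if not line.strip():
            if current:                           # blank line ends an entry
                entries.append(current)
                current = {}
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def unsafe_to_delete(entries):
    """Return the DNs of entries whose deletion would propagate to
    Directory Server (ntUserDeleteAccount/ntGroupDeleteAccount true)
    but that have no ntUniqueId yet.

    Deleting such an entry on Active Directory before ntUniqueId has been
    synchronized back leaves the Directory Server entry in place, because
    Directory Server matches Active Directory changes by ntUniqueId.
    """
    result = []
    for entry in entries:
        flagged = any(
            value.lower() == "true"
            for flag in DELETE_FLAGS
            for value in entry.get(flag, [])
        )
        if flagged and not entry.get("ntuniqueid"):
            result.append(entry["dn"][0])
    return result


if __name__ == "__main__":
    for dn in unsafe_to_delete(parse_ldif(SAMPLE_LDIF)):
        print("wait for ntUniqueId before deleting on Active Directory:", dn)
```

Running the script against the constructed sample reports only uid=asmith: it is flagged for deletion propagation but has not yet received its ntUniqueId, which is exactly the case the note above warns about. The other two entries already carry the attribute, so deleting them on Active Directory would be mirrored at the next synchronization interval.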
3.4. Resurrecting Entries
It is possible to add deleted entries back in Directory Server; the deleted entries are called
tombstone entries. When a deleted entry which was synched between Directory Server and
Active Directory is re-added to Directory Server, the resurrected Directory Server entry has all of its
original attributes and values. This is called tombstone reanimation. The resurrected entry
includes the original ntUniqueId attribute which was used to synchronize the entries, which
signals to the Active Directory server that this new entry is a tombstone entry. The way that
tombstone entries are handled is different between Windows Server 2000 and Windows Server
2003:
• On Windows 2000, Active Directory creates a new entry with a new unique ID; this new ID is
synched back to the Directory Server entry.
• On Windows 2003, Active Directory resurrects the old entry and preserves the original unique
ID for the entry.
For Active Directory entries on both Windows 2000 and 2003, when the tombstone entry is
resurrected on Directory Server, all of the attributes of the original Directory Server entry are
retained and are still included in the resurrected Active Directory entry.
3.5. Manually Updating and Resynchronizing Entries
Synchronization occurs every five minutes. However, an incremental update can be done
manually if there are changes that need to be synchronized immediately.
Chapter 19. Synchronizing Red Hat Directory Server with Microsoft Active Directory
532