Red Hat Directory Server 7.1 Deployment Manual, page 143


Windows Sync Overview

synchronize and design or add corresponding Directory Server subtrees. The
synched Windows and Directory Server suffixes are both specified in the sync
agreement. All entries within the respective subtrees are available for
synchronization, including entries that are not immediate children of the
specified suffix.

NOTE
Any descendant container entries need to be created separately on the Windows
server by an administrator; Windows Sync does not create container entries.

The Directory Server maintains a changelog, a database that records modifications
that have occurred. The changelog is used by Windows Sync to coordinate and send
changes made to the Windows sync peer server. Changes to entries in the Windows
server are found by using Active Directory's Dirsync search feature. Because there
is no changelog on the Active Directory side, the Dirsync search is issued
periodically, every five minutes. Using Dirsync ensures that only those entries
that have changed since the previous search are retrieved.

Windows Sync provides some control over which entries are synchronized to give
sufficient flexibility to support different deployment scenarios. This control is
set through different configuration attributes set in the Directory Server:

• Within the Windows subtree, only entries with user or group object classes can
  be synchronized to Directory Server. When creating the sync agreement, you have
  the option of synchronizing new Windows user and/or group entries as they are
  created. If these attributes are set to on, then existing Windows entries are
  synchronized to the Directory Server, and entries as they are created in the
  Windows server are synchronized to the Directory Server.

• On the Directory Server, only entries with the ntUser or ntGroup object classes
  and required attributes can be synchronized.

Directory Server passwords are synchronized along with other entry attributes
because plaintext passwords are retained in the Directory Server changelog. The
Password Sync Service is needed to catch password changes made on the Windows
server. Without the Password Sync Service, it would be impossible to have Windows
passwords synchronized because passwords are hashed in the Windows server, and
the Windows hashing function is incompatible with the one used by Directory
Server.

Chapter 7 Designing Synchronization 143
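As an added illustration (not code from the manual or from Red Hat), the following Python script applies the eligibility rules described on this page to an LDIF export of the Directory Server side of a sync agreement: every entry below the synced suffix at any depth is a candidate, only entries carrying the ntUser or ntGroup object class together with their required attributes are synchronized, entries without a sync object class are skipped, and container entries are reported so an administrator can pre-create them on the Windows side. The suffix name, the sample entries and the required-attribute sets (ntUserDomainId for ntUser, ntGroupDomainId for ntGroup) are assumptions; the page names the object classes but not the required attributes.

```python
"""Audit which Directory Server entries Windows Sync would pick up.

Added example, not code from the Red Hat Directory Server manual. It applies
the rules stated on this page (synced suffix from the sync agreement, any
depth below it, ntUser/ntGroup plus required attributes, no container
creation on Windows). Assumed, not taken from the page: the suffix name, the
sample LDIF, and the required attributes ntUserDomainId / ntGroupDomainId.
"""
from collections import defaultdict

SYNC_SUFFIX = "ou=People,dc=example,dc=com"   # assumed sync-agreement suffix
# Required attribute per sync object class (assumption; the page does not name them).
REQUIRED = {"ntuser": {"ntuserdomainid"}, "ntgroup": {"ntgroupdomainid"}}
CONTAINER_CLASSES = {"organizationalunit", "organization", "domain", "container"}

# Constructed sample export of the Directory Server side of the agreement.
SAMPLE_LDIF = """\
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit

dn: ou=Finance,ou=People,dc=example,dc=com
objectClass: organizationalUnit

dn: uid=alice,ou=Finance,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: ntUser
ntUserDomainId: alice

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: inetOrgPerson

dn: uid=dave,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: ntUser

dn: cn=payroll,ou=Finance,ou=People,dc=example,dc=com
objectClass: groupOfUniqueNames
objectClass: ntGroup
ntGroupDomainId: payroll

dn: uid=carol,ou=Contractors,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: ntUser
ntUserDomainId: carol
"""


def parse_ldif(text):
    """Minimal LDIF reader (no continuation lines or base64 values): list of (dn, attrs)."""
    entries, dn, attrs = [], None, defaultdict(list)
    for line in text.splitlines():
        if not line.strip():              # blank line ends the current entry
            if dn is not None:
                entries.append((dn, dict(attrs)))
            dn, attrs = None, defaultdict(list)
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs[name].append(value)
    if dn is not None:
        entries.append((dn, dict(attrs)))
    return entries


def norm_dn(dn):
    """Case-fold and strip spaces around RDN separators (escaped commas not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def classify(dn, attrs, suffix=SYNC_SUFFIX):
    """Return why an entry is, or is not, synchronized under the page's rules."""
    ndn, nsuffix = norm_dn(dn), norm_dn(suffix)
    if ndn == nsuffix:
        return "sync-suffix"
    if not ndn.endswith("," + nsuffix):
        return "outside-suffix"           # not covered by the agreement at all
    classes = {v.lower() for v in attrs.get("objectclass", [])}
    for oc, needed in REQUIRED.items():
        if oc in classes:
            missing = sorted(needed - set(attrs))
            if missing:                   # sync object class present but incomplete
                return "skipped-missing:" + ",".join(missing)
            return "sync-user" if oc == "ntuser" else "sync-group"
    if classes & CONTAINER_CLASSES:       # Windows Sync will not create these on AD
        return "container-create-manually"
    return "skipped-no-sync-objectclass"


def audit(text=SAMPLE_LDIF, suffix=SYNC_SUFFIX):
    """Map each DN in an LDIF export to its classification."""
    return {dn: classify(dn, attrs, suffix) for dn, attrs in parse_ldif(text)}


if __name__ == "__main__":
    for dn, verdict in audit().items():
        print(f"{verdict:32} {dn}")
```

Run it over an LDIF export of the synced suffix before enabling the agreement: the container-create-manually rows are the entries the NOTE above says an administrator has to create on the Windows server, and the skipped-missing rows are entries that carry a sync object class but would silently not be synchronized. Since the changelog retains plaintext passwords for the entries it synchronizes, the sync-user rows are also the accounts whose password changes will pass through the changelog.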
