Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT Deployment Manual page 113

(cn=Users,dc=test,dc=com). Each subtree can be synchronized only to one other subtree to
avoid naming conflicts and change conflicts.
To take advantage of Windows Sync, use it with a Directory Server supplier in multi-master replication
synchronized to a member of a Windows domain. This propagates changes through both directory
systems while keeping the information centralized and easy to maintain. It also makes it easier to
master the data.
Figure 7.1. Multi-Master Directory Server — Windows Domain Synchronization
Only create one synchronization agreement to any given Windows domain. To propagate the changes
and information synchronized from the Windows server throughout the Directory Server, create the
synchronization agreement with a multi-master supplier, preferably a data master for the replication
deployment.
7.2.7. Identifying the Directory Data to Synchronize
Windows Sync synchronizes user and group entries between directory services. After deciding which
subtrees to synchronize, plan the information to store in those subtrees, such as the following:
• Contact information for directory users and employees, such as telephone numbers, home and
office addresses, and email addresses.
• Contact information for trading partners, clients, and customers.
• User's software preferences or software configuration information.
• Group information and group membership.
Group members are synchronized only if they are within the synchronized suffix. Group members
that are not within the scope of the agreement are left unchanged on both sides; that is, they are
listed as members of the group on the appropriate directory service, but their member attribute in the
group entry is not synchronized with the synchronization peer.
Identifying the Directory Data to Synchronize
103