Synchronizing Red Hat Directory Server With Microsoft Active Directory; About Windows Sync - Red Hat DIRECTORY SERVER 8.0 - ADMINISTRATION Administration Manual


Chapter 19. Synchronizing Red Hat Directory Server with Microsoft Active Directory
The Windows Sync feature allows synchronization of adds, deletes, and changes in groups, users,
and passwords between Red Hat Directory Server and Microsoft Active Directory. It provides an
efficient and effective way to maintain consistent information across directories.

19.1. About Windows Sync

Synchronization allows the user and group entries in Active Directory to be matched with the entries in
the Red Hat Directory Server. As entries are created, modified, or deleted, the corresponding change
is made to the sync peer server, allowing two-way synchronization of users, passwords, and groups.
The synchronization process is analogous to the replication process: synchronization is enabled
by a plug-in and is configured and initiated through a sync agreement; a record of directory changes
is maintained, and updates are sent according to that changelog. This synchronizes users and groups
between Directory Server and a Windows server.
Windows Sync has two parts, the sync service for directory entries and the sync service for
passwords:
• Directory Server Windows Sync. The Directory Server leverages the Multi-Master Replication
Plug-in to synchronize user and group entries. The same changelog that is used for multi-master
replication is also used to send updates from the Directory Server to Active Directory as an LDAP
operation. The server also performs LDAP search operations against its Windows server to
synchronize changes made to Windows entries to the corresponding Directory Server entry. This is
illustrated in Figure 19.1, "Active Directory - Directory Server Synchronization Process".
Figure 19.1. Active Directory - Directory Server Synchronization Process
• Password Sync Service. This application captures password changes for Windows users and relays
those changes back to the Directory Server over LDAPS. It must be installed on the Active Directory
machine. This is done separately from the Windows Sync service to accommodate password
encryption.
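Since passwords are among the data Windows Sync moves between the two directories, the transport set on each sync agreement is worth auditing. The following is an added example, not taken from the Red Hat manual: it parses an LDIF export of cn=config and reports Windows sync agreements whose nsDS5ReplicaTransportInfo is not SSL or TLS. The sample entries, agreement names and host names are constructed, and treating a missing transport attribute as plain LDAP is an assumption.

```python
import re

# Constructed sample: two Windows sync agreements as they might appear in an
# LDIF export of cn=config (names, hosts and DNs are made up for illustration).
SAMPLE_LDIF = """\
dn: cn=ad-sync-1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDSWindowsReplicationAgreement
cn: ad-sync-1
nsDS5ReplicaHost: ad1.example.com
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL

dn: cn=ad-sync-2,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDSWindowsReplicationAgreement
cn: ad-sync-2
nsDS5ReplicaHost: ad2.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
nsds7DirectoryReplicaSubtree: ou=People,
 dc=example,dc=com
"""

ENCRYPTED = {"ssl", "tls"}  # transport values that protect the connection

def parse_ldif(text):
    """Split LDIF into entries: dict of lower-cased attribute -> list of values."""
    text = re.sub(r"\n ", "", text)  # unfold LDIF continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def unencrypted_sync_agreements(text):
    """Return (cn, host, port, transport) for sync agreements not using SSL/TLS."""
    findings = []
    for e in parse_ldif(text):
        if "nsdswindowsreplicationagreement" not in map(str.lower, e.get("objectclass", [])):
            continue
        get = lambda attr, default="?": e.get(attr, [default])[0]
        # Assumption: an agreement with no transport attribute uses plain LDAP.
        transport = get("nsds5replicatransportinfo", "LDAP")
        if transport.lower() not in ENCRYPTED:
            findings.append((get("cn"), get("nsds5replicahost"), get("nsds5replicaport"), transport))
    return findings
```

Calling unencrypted_sync_agreements(SAMPLE_LDIF) reports only the constructed ad-sync-2 agreement, which connects on port 389 without SSL or TLS.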
Synchronization is configured and controlled by one or more synchronization agreements, which
establish synchronization between sync peers, the directory servers being synced. These are
