Category:Group as Group Sync
Last Updated:2011-08-18
Default functionality for Group as Group sync is outlined in the How can I sync Groups as Groups (List Processing) article. Default Group as Group sync processing requires that you sync both Groups AND member objects (Users/Contacts). This is required because the connection needs to know how to resolve the DNs of the Group members in order to sync group membership .
Occasionally, in certain circumstances, you may have a connection that needs to sync just Groups. Possibly a separate connection already syncs the Users/Contacts... or the destination already contains the Users/Contacts (manually created). In these cases, you may implement this DNHashGen connection solution. This solution uses a Join connection between the source and destination, and builds a DNHash.txt file containing DN information for the source and destination member objects. This file is used by your Group sync connection so Group Membership can be resolved.
Connection 1 uses a special destination sync engine of DNHASHGen. This connection should select Source Object Types of Users/Contacts only (not Groups). This connection uses Source/Dest indexes (on the Destination tab) to perform a JOIN identifying matching member objects between the source and destination directories. Suggested indexes may be Mail/Mail, or some other set of unique index attributes. When the DNHashGen connection runs, the JOIN is performed, exporting a file, export.txt. This file contains a hash table identifying source/destination matches. (Your destination objects are not touched.)
Connection 2 syncs only source Groups, creating destination Groups, using the export.txt file (renamed to dnhash.txt) to resolve membership.
The below examples uses an Ex55 source and an AD destination, and uses Source/Dest indexes of Mail/Mail. You may use any supported source type. The option selections may change slightly depending on your source type.
*To create Connection 1*
1) Click Connection > New > Connection
2) Give this connection a name like "Ex55 to Ex2000 DNHASHGEN"
3) Select a source map template of Exchange 5.5 and source engine of LDAP.
4) Leave the default destination map template and select a destination engine of *DNHASHGEN*. (The exact dest map template doesn't matter because this connection isn't really creating anything.)
5) Fill in the Source tab to identify the Ex55 source as usual (IP/login/pw) .
5b) Select the Desired Source Object Types (Users/Contacts).
6) Fill in the Destination tab to identify the Ex2000 destination as usual (IP/login/pw).
7) On the Destination tab, leave the 'Create Objects' parameters BLANK.
8) Fill in the Join with Existing Objects parameters:
Source Index: mail
Dest Index: mail
9) Click APPLY
10) Run this connection, Discovery and Sync. Discovery reads the source, Sync performs the JOIN and outputs a file, export.txt. (Nothing is added or changed on the destination.)
11) Review the results of the sync run... Were the appropriate number of records exported? Did you have any "Search Mode Non Match" warnings? This means a record exists on the source, but no match was found on the destination. Any questions about these results, let me know.
*To create Connection 2*
1) This is a regular Ex55-Ex2000 connection. The source should be Exchange 5.5/ldap. The Destination should be Active Dir/ldap. (The exact dest map template doesn't matter because this connection isn't really creating 'person' objects, only Groups.).
2) On the Source tab of this Ex55-Ex2000 connection, select only the 'Group' Object Type (Distribution Lists) and leave the others UNselected (i.e do not select any of the Person object types).
3) On the Destination tab, specify a Structure Name and/or Placement DN to identify where you want to create the GROUP objects.
4) On the Destination tab, specify the type of Group object to create by selecting a List Processing option (bottom of the Destination tab).
5) Copy the export.txt (created by connection 1) to the Connection 2 directory as dnhash.txt (i.e. \SimpleSync-v4.6\Connections\ConnectionTWO\dnhash.txt)
6) Click APPLY.
7) Run this connection, Discovery and Sync. Discovery reads the source, Sync performs the Sync, creating GROUPS on the destination, and applying membership.
8) Review the results of the sync run... were the appropriate number of GROUPS created? Do they have correct membership assigned?
Note: If running this on an ongoing basis, you'll want to always run both connections, copying the export.txt to DNHASH.txt in between the connection runs. Sync runs and copy of the export file can be automated via your usual sync script.
Sample Script:
shell "Connection1"
copy /y c:\UnitySync-v1.x\Connections\Connection1\export.txt c:\UnitySync-v1.x\Connections\Connection2\dnhash.txt
shell "Connection2"