Directory Wizards Inc.

Solutions For Your Directory Needs


Syncing Manager value, AD to AD, when Manager's object is outside the connection's scope

Category: Active Directory

Last Updated: 2011-08-03

 


 

When syncing AD to AD, there is a default mapping to sync the Manager attribute value:

 

Manager=#Manager#

 

By default, for the 'Manager' attribute value to be set on a synced object, the Manager's source object must be part of the sync and must also sync over. Because it is included in the sync scope, the Manager's object DN is in the connection's hash table, and the Sync phase is able to translate #Manager# for the destination object.

 

Occasionally you may have a connection that does not include all source objects. When some objects are then created on the destination, the Manager attribute is not set because the sync cannot translate #Manager#. In these cases, you may implement a DNHashGen connection solution. This solution uses a separate Join connection between the source and destination; it builds a dnhash.txt file containing DN information for the source and destination objects. This dnhash.txt file is used by your original sync connection to resolve #Manager# and assign 'Manager' on the synced destination objects.

 

Connection 1: This is your new DNHashGen connection. This connection uses the special destination sync engine DNHASHGEN. This connection should select Source Object Types of Users/Contacts. This connection uses Source/Dest indexes (on the Destination tab) to perform a JOIN identifying matching member objects between the source and destination directories. Suggested indexes may be Mail/Mail, or some other set of unique index attributes. When the DNHashGen connection runs, the JOIN is performed, exporting a file, export.txt. This file contains a hash table identifying source/destination matches. (Your destination objects are not touched.)

 

Connection 2: This is your standard connection. This connection may be configured as usual, with the addition of the export.txt file (renamed to dnhash.txt) to resolve #Manager#.

 

*To create Connection 1*

  1. Click Connection > New > Connection
  2. Give this connection a name like "Forest 1 to Forest 2 DNHASHGEN"
  3. Select a source map template and a source engine of LDAP.
  4. Leave the default destination map template and select a destination engine of *DNHASHGEN*. (The exact dest map template doesn't matter because this connection isn't really creating anything.)
  5. Fill in the Source tab to identify the source as usual (IP/login/pw).
        5b) Select the Desired Source Object Types (Users/Contacts).
        5c) Do not specify a Selection DN.  The intent is to Discover all source objects.
  6. Fill in the Destination tab to identify the destination as usual (IP/login/pw).
  7. On the Destination tab, leave the 'Create Objects' parameters BLANK.
  8. Fill in the Join with Existing Objects parameters: example:
    Source Index: mail
    Dest Index: mail
  9. Click APPLY
  10. Run this connection, Discovery and Sync. Discovery reads the source, Sync performs the JOIN and outputs a file, export.txt. (Nothing is added or changed on the destination.)
  11. Review the results of the sync run... Were the appropriate number of records exported? Did you have any "Search Mode Non Match" warnings? This means a record exists on the source, but no match was found on the destination. Any questions about these results, let me know.

*To create Connection 2*

 

  1. This is your normal ldap sync connection.
  2. Copy the export.txt (created by connection 1) to the Connection 2 directory as dnhash.txt
    (i.e. \UnitySync-v1.0\Connections\Connection2\dnhash.txt)
  3. Run this connection, Discovery and Sync. Discovery reads the source, Sync performs the Sync to the Destination, updating your objects, including Manager.
  4. Review the results of the sync run... were the appropriate number of objects created/updated? Do they have a Manager assigned?

    Note: If running this on an ongoing basis, you'll want to always run both connections, copying the export.txt to DNHASH.txt in between the connection runs. Sync runs and copy of the export file can be automated via your usual sync script.

 

Sample Script:

shell "Connection1"
copy /y c:\UnitySync-v1.0\Connections\Connection1\export.txt c:\UnitySync-v1.0\Connections\Connection2\dnhash.txt
shell "Connection2"
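
A guarded variant of the sample script above, as an added example (not Directory Wizards' own script): it sets the previous export.txt aside before Connection 1 runs and copies only a new, non-empty file to dnhash.txt, so Connection 2 does not run against a stale or missing hash file. It assumes the paths from the sample script, that `shell` resolves the same way it does there, and that Connection 1 writes a new export.txt on every run; export.prev.txt is a hypothetical name.

```batch
@echo off
setlocal

rem Paths taken from the sample script above.
set "ROOT=c:\UnitySync-v1.0\Connections"
set "EXPORT=%ROOT%\Connection1\export.txt"
set "PREV=%ROOT%\Connection1\export.prev.txt"
set "DNHASH=%ROOT%\Connection2\dnhash.txt"

rem Set the previous export aside (export.prev.txt is a hypothetical name),
rem so that a file found after the run must have come from this run.
if exist "%EXPORT%" move /y "%EXPORT%" "%PREV%" >nul

rem Connection 1: the DNHASHGEN join between source and destination.
shell "Connection1"

rem Stop if the join produced no file; dnhash.txt is left as it was.
if not exist "%EXPORT%" (
    >&2 echo Connection1 did not write export.txt. Connection2 was not run.
    exit /b 1
)

rem %%~zF expands to the file size in bytes; an empty file means no matches.
for %%F in ("%EXPORT%") do set "SIZE=%%~zF"
if "%SIZE%"=="0" (
    >&2 echo export.txt is empty. Check the Join indexes. Connection2 was not run.
    exit /b 1
)

rem Publish the new hash table to Connection 2 under the name it expects.
copy /y "%EXPORT%" "%DNHASH%" >nul
if errorlevel 1 (
    >&2 echo Could not copy export.txt to dnhash.txt. Connection2 was not run.
    exit /b 1
)

rem Connection 2: the normal sync, now able to resolve #Manager#.
shell "Connection2"
```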