Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide

Initializing the Connector State

To initialize the connector state for the failover configuration, synchronization must be started. Before synchronization can be started, the Identity Synchronization for Windows Plugin must be enabled on both and to point to the failover configuration. Once the plugin has been enabled and the directory servers have been restarted, synchronization can be started. Verify that both connectors have entered the SYNCING state using the console or the idsync printstat command:

bash-2.05# ./idsync printstat -w <password omitted\> -q <password omitted\>
Exploring status of connectors, please wait
Connector ID: CNN100
     Type: Sun Java(TM) System Directory
     Manages:  dc=gt,dc=com (ldaps://
     State: SYNCING
     Installed on:
     Plugin SUBC100 is installed on ldaps://
     Plugin SUBC101 is installed on ldaps://

Connector ID: CNN101
     Type: Active Directory
     Manages: (ldaps:// (ldaps://
    (ldaps:// (ldaps://
     State: SYNCING
     Installed on:

Sun Java(TM) System Message Queue Status:  Started

Checking the System Manager status over the Sun Java(TM) System Message Queue.

System Manager Status:  Started


Once synchronization has started, modify a user password both in Active Directory and in Directory Server and it will force the connectors to persist their state. To verify, do the following:

Directory Server Connector: Check for the presence of the /var/opt/SUNWisw/persist/ADP100/accessor.state file. And check that the highestacknowledgedchangenumber value stored in the file is not -1. (To determine the appropriate ADP subdirectory of persist, find the connector ID using the console or idsync printstat, and then replace CNN with ADP in the connector ID.)

Active Directory Connector: Check that the Active Directory Connector actually propagated the change. There should be an INFO message in the central log that includes the usnchanged value, for example,

[05/Nov/2004:14:07:38.982 -0600] INFO    18  CNN101 connectors-eu  
"The agent is sending the following inbound action to MQ: 
Type: MODIFY SUL: GT_USERS {Data Attrs: } {Other Attrs: cn: Jane Test 
dn: CN=Jane Test,CN=Users,DC=gt,DC=com objectclass: top,person, 
organizationalPerson, user dspswuserlink: Rwyr9YEFk0WYxbFP5Nnrjg== pwdlastset: 
127441696561778218 samaccountname: 3aa00test100001 sn: test100001 usnchanged: 120831 
whenchanged: 20041105230736.0Z passwordchanged: TRUE}." 
(Action ID=CNN102-1000A5846CB-5, SN=2)

Once you have verified that both the connectors have check-pointed their state, stop synchronization for the failover installation, and then reinstall the Directory Server Plugins on and to point to the primary configuration.