Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide

Specifying Configuration Settings for Group Synchronization

If you enable Group Synchronization between Directory Server and Active Directory, you can synchronize the creation of groups, deletion of groups, and the membership changes within that group .

Note –

Group Synchronization is not supported on Windows NT directory sources.

ProcedureTo Synchronize Groups:

  1. Under the Groups tab, select the Enable Group Synchronization check box.

  2. Select one of the following Group Synchronization methods to specify how Identity Synchronization for Windows will detect and synchronize various groups:

    • Domain Global Security

    • Domain Global Distribution

    Figure 6–46 Enable Group Synchronization

    Enable Group Synchronization and specify the way the
groups will flow from Directory Server to Active Directory.

    Note –

    For more information about Domain Global Security, Domain Global Distribution, and Active Directory; see the Microsoft Active Directory documentation.

Configure Identity Synchronization for Windows to Detect and Synchronize Groups Related Changes between Directory Server and Active Directory

You do not need to map any attribute manually for the group synchronization. When you press Save, Identity Synchronization for Windows maps the attributes automatically.

Figure 6–47 Attribute Mapping for Group Synchronization

Select the attributes that you want to synchronize and
click Save.

Note –
  1. Do not modify the mapping between the userpasswordand unicodepwd attributes.

  2. To disable the group synchronization, deselect the Disable Group Synchronization check box.

  3. Alternatively, you can enable or disable group synchronization using command line idsync groupsync. For more information, see Appendix A, Using the Identity Synchronization for Windows Command Line Utilities.