Failover Modes
You can take one of two approaches towards implementing Active Directory failover resolution:
-
Manual mode. When a problem occurs, the administrator specifies which backup domain controller and USN to use. This is the only mode available when running tasks from the Identity Manager interface.
-
Semi-auto mode. Semi-auto mode permits you to semi-automate the fail-over resolution process. In semi-auto mode, the task uses the collected data to identify the best backup domain controller and USN to use. It computes this by looking for a collection point that is closest to a derived TargetTimestamp without exceeding this value
where TargetTimestamp = (FailureTimestamp - replicationTime)
Semi-auto mode is not available from the Identity Manager Administrator interface.
Arguments
If you have determined that launching semi-auto failover is appropriate for a particular error, set the following task arguments. (The on-error workflow must launch the Active Directory Synchronization failover task.) Setting these arguments reconfigures the failed resource and the IAPI Object to use an alternate domain controller and usnChanged starting point.
|
Argument |
Description |
|---|---|
|
resourceName |
Identifies (by name or resource ID) where the failure has occurred. |
|
autoFailover |
Specifies whether auto failure is set. Must be set to true. |
|
failureTimestamp |
Indicates when the failure occurred. This value is derived from the onSync failure process. |
|
replicationTime |
Specifies the maximum time in hours for data to replicate across an Active Directory environment. |
To manually specify which domain controller to fail over to and which saved HighestCommittedUSN number to start from, set the following arguments.
|
Argument |
Description |
|---|---|
|
resourceName |
Specifies the name or ID of the resource where the failure has occurred. |
|
backupDC |
Specifies the name of the host with which to begin the synchronization process. |
|
usnDate |
The timestamp to use that correlates to a collected HighestCommittedUSN changed value from the collected data. This would be computed just as targetTime was computed in the semi-auto mode. |
|
restartActiveSync |
Specifies whether to start Active Sync after the switch to the new domain controller is complete. |
Resource Object Changes
The Active Directory Recovery Collector task updates either the LDAPHostname or the GlobalCatalog resource attribute value (depending on which value is in use). If the search subdomains resource attribute is set to true, and the global catalog attribute value is not empty, the global catalog server attribute is changed. Otherwise, the LDAPHostname is changed to the name of the backup domain controller.
IAPI Object Changes
The Active Directory Recovery Collector task also updates the IAPI object so that the Active Directory resource adapter knows which changes to look for the next time it runs. The task updates the HighCommitedUSN value for both lastUpdated and lastDeleted attribute values.
- © 2010, Oracle Corporation and/or its affiliates