Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide

Linking Migrated Active Directory Entries

After the links in the Directory Server entries are removed, new links are established with the Active Directory entries by using the idsync resync command. Use the -a option with the (sn=G*) filter to link only the users that have been migrated.

According to Microsoft’s documentation, user passwords will be migrated when users are moved from Windows NT to Active Directory. However, if users change their passwords in Active Directory before they are relinked to the Directory Server entries, these password changes will not be synchronized to the Directory Server.

You can use the -i NEW_LINKED_USERS option with the idsync resync command to synchronize Directory Server passwords with their Active Directory values.

Note –

If any of the users’ passwords are modified in Directory Server during the migration process, these password changes will be lost.

bash-2.05# ./idsync resync -w <omitted password> \
-q <omitted password> -f linkusers-ad-only.cfg \
-i NEW_LINKED_USERS -a "(sn=G*)"
Validating and starting refresh operation ’1098238348483’.
Hit CTRL+C to cancel.
User progress:
# Entries sent: 1346
# Entries successfully linked: 1346
# Entries that were modified: 1346
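
A check on the summary counters shown above, as an added example that is not part of the original guide: the shell function reads idsync resync output on standard input and fails when fewer entries were linked than were sent, since unlinked users will not have their passwords synchronized. The function names and the constructed sample output are assumptions; the counter labels are copied from the output above.

```shell
#!/bin/sh
# Added example (not from the guide). Function names are hypothetical.

# check_resync_summary: read `idsync resync` output on stdin.
#   exit 0 - every entry sent was linked
#   exit 1 - some entries were sent but not linked (review before relying on sync)
#   exit 2 - the summary counters were not found (run cancelled or failed early)
check_resync_summary() {
    awk -F': *' '
        /^# Entries sent:/                { sent = $2 + 0; have_sent = 1 }
        /^# Entries successfully linked:/ { linked = $2 + 0; have_linked = 1 }
        /^# Entries that were modified:/  { modified = $2 + 0 }
        END {
            if (!have_sent || !have_linked) {
                print "resync summary not found in input" > "/dev/stderr"
                exit 2
            }
            # One-line result that is easy to log or compare between runs.
            printf("sent=%d linked=%d modified=%d\n", sent, linked, modified)
            if (linked != sent) {
                printf("%d entries were not linked\n", sent - linked) > "/dev/stderr"
                exit 1
            }
        }'
}

# sample_output: constructed input in the same layout as the output above.
# Arguments: sent, linked, modified.
sample_output() {
    printf 'User progress:\n'
    printf '# Entries sent: %s\n' "$1"
    printf '# Entries successfully linked: %s\n' "$2"
    printf '# Entries that were modified: %s\n' "$3"
}

# Demonstration with the counters from the run shown above.
sample_output 1346 1346 1346 | check_resync_summary
```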