Sun Java System Directory Server Enterprise Edition 6.3 Installation Guide

Procedure: To Configure Identity Synchronization for Windows to Detect and Synchronize Object States between Directory Server and Active Directory

  1. Select an attribute from the Activation state attribute drop-down list.

  2. Click the New button to add attribute values to the Value column of the table.

  3. Click in the State column next to each of the Value entries and, when the drop-down list is displayed, select Activated or Inactivated.

    Figure 6–44 Selecting a State

    For example, if you were using Access Manager:

  4. Select the inetuserstatus attribute from the Activation state attribute drop-down list.

  5. Click the New button and add the attribute values active, inactive, and deleted to the Value column of the table.

  6. Click in the State column and select Activated or Inactivated for each value as follows:

    • No Value: Activated

    • active: Activated

    • inactive: Inactivated

    • deleted: Inactivated

    • All Other Values: Inactivated

    Based on this example, the following table (Using a Custom Method for Directory Server) describes how Identity Synchronization for Windows detects and synchronizes activations and inactivations when you enable the Use Custom Method for Directory Server option (using the inetuserstatus example).

    | Value            | State       | Result |
    |------------------|-------------|--------|
    | No Value         | Activated   | If the inetuserstatus attribute is missing or does not have a value, Identity Synchronization for Windows detects the object as activated. |
    | active           | Activated   | If the attribute value is active, Identity Synchronization for Windows detects the object as activated. |
    | inactive         | Inactivated | If the attribute value is inactive, Identity Synchronization for Windows detects the object as inactivated. |
    | deleted          | Inactivated | If the attribute value is deleted, Identity Synchronization for Windows detects the object as inactivated. |
    | All Other Values | Inactivated | If the attribute has a value, but that value is not specified in the table, Identity Synchronization for Windows detects the object as inactivated. |
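The following sketch is an added example, not code from Sun or from Identity Synchronization for Windows. It applies the table's rows to a constructed LDIF export so you can preview which entries would be detected as activated only because inetuserstatus is absent. The function names, the exact-match string comparison, the single-valued attribute, and the simple LDIF form (no folded lines, no base64) are assumptions.

```python
# Added example: preview the Value/State table's detection rules (assumptions in lead-in).
ACTIVATED, INACTIVATED = "Activated", "Inactivated"
STATE_TABLE = {"active": ACTIVATED, "inactive": INACTIVATED, "deleted": INACTIVATED}
NO_VALUE_STATE, OTHER_VALUES_STATE = ACTIVATED, INACTIVATED  # "No Value" / "All Other Values"

# Constructed sample data, not taken from a real directory.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
inetuserstatus: active

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob

dn: uid=carol,ou=people,dc=example,dc=com
inetuserstatus: suspended

dn: uid=dave,ou=people,dc=example,dc=com
inetuserstatus: deleted
"""

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}) for simple, unfolded, non-base64 LDIF."""
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if name.strip().lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if dn:
            yield dn, attrs

def detect_state(attrs, attribute="inetuserstatus"):
    """Return (state, matched_row) for one entry, following the table rows."""
    values = [v for v in attrs.get(attribute, []) if v]
    if not values:                      # attribute missing or empty
        return NO_VALUE_STATE, "No Value"
    if values[0] in STATE_TABLE:        # value listed in the table
        return STATE_TABLE[values[0]], values[0]
    return OTHER_VALUES_STATE, "All Other Values"

def preview(ldif_text):
    return {dn: detect_state(attrs) for dn, attrs in parse_ldif(ldif_text)}

def activated_by_default(ldif_text):
    """DNs detected as activated only because the attribute is absent or empty."""
    return [dn for dn, (_, row) in preview(ldif_text).items() if row == "No Value"]
```

Reviewing the output of activated_by_default against your own export before enabling synchronization shows which accounts rely on the No Value row rather than an explicit active value.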

    Setting Activations and Inactivations

    As you populate the Value and State table with entries, Identity Synchronization for Windows automatically populates the Activated value and Inactivated value drop-down lists as follows:

    • The Activated value list contains all values with an Activated status (for example No Value and active).

    • The Inactivated value list contains all values with an Inactivated status (for example inactive and deleted).

    • Neither list will contain the All Other Values value.

      Select a value from the Activated value and/or the Inactivated value drop-down lists to specify how Identity Synchronization for Windows will activate and/or inactivate an object when synchronizing from Active Directory.

    • Activated value: Controls the object’s active state.

      • No Value: If the object contains the active value, Identity Synchronization for Windows will set the state to activated in Directory Server.

      • active: If the object contains the active value, Identity Synchronization for Windows will set the state to activated in Directory Server.

    • Inactivated value: Controls the object’s active state.

      • inactive or deleted: Identity Synchronization for Windows will set the object’s state to inactive in Directory Server.

      • none: Not a valid setting. You must select a value.


      Note –

      You must specify an Inactivated value or your configuration will be invalid.


      Figure 6–45 illustrates a completed Configure Custom Method for Directory Server dialog box.

    Figure 6–45 Example: Completed Dialog

    Example of a completed Configure Custom Inactivation Mechanism for Directory Server dialog box.