Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Using resync

You can use the resync subcommand to bootstrap deployments with existing users. This command uses administrator-specified matching rules to

Note –

For more detailed information about linking and synchronizing users, see Chapter 1, Understanding the Product.

To resynchronize existing users and to pre-populate directories, open a terminal window (or a Command Window) and type the idsync resync command as follows:

idsync resync [-D bind-DN] -w bind-password | - 
[-h Configuration Directory-hostname] [-p Configuration Directory-port-no] 
[-s rootsuffix] -q configuration_password [-Z] [-P cert-db-path] 
[-m secmod-db-path] [-n] [-f xml filename for linking] [-k] [-a ldap-filter] 
[-l sul-to-sync] [-o Sun | Windows] [-c] [-x] 

For example:

idsync resync -w admin-password -q configuration_password

Table A–8 describes the arguments that are unique to resync:

Table A–8 idsync resync Usage



-f filename

Creates links between unlinked user entries using one of the specified XML configuration files provided by Identity Synchronization for Windows (see Appendix B, Identity Synchronization for Windows LinkUsers XML Document Sample).


Creates links between unlinked users only (does not create users or modify existing users) 

-a ldap-filter

Specifies an LDAP filter to limit the entries to be synchronized. The filter will be applied to the source of the resynchronization operation. For example, if you specify idsync resync -o Sun -a "uid=*", all Directory Server users that have a uid attribute will be synchronized to Active Directory.

-l sul-to-sync

Specifies individual Synchronization User Lists (SULs) to resynchronize 

Note: You can specify multiple SUL IDs to resynchronize multiple SULs or, if you do not specify any SUL IDs, the program will resynchronize all of your SULs.

-o (Sun | Windows)

Specifies the source of the resynchronization operation 

  • Sun: Sets attribute values for Windows entries to corresponding attribute values in Sun Java System Directory Server directory source entries.

  • Windows: Sets attribute values for Sun Java System Directory Server entries to corresponding attribute values in Windows directory source entries.

    (Default is Windows)


Creates a user entry automatically if the corresponding user is not found at destination 

  • Randomly generates a password for users created in Active Directory or Windows NT

  • Automatically creates a special password value ((PSWSYNC) *INVALID PASSWORD*) for users created in Directory Server (unless you specify the -i option)


Resets passwords for user entries synchronized in the Sun directory sources, forcing password synchronization within the current domain for those users the next time the user password is required. 

  • ALL_USERS: Forces on-demand password synchronization for all synchronized users

  • NEW_USERS: Forces on-demand password synchronization for newly created users only

  • NEW_LINKED_USERS: Forces on-demand password synchronization for all newly created and newly linked users


Only updates the object cache. No entries are modified. 

This argument updates the local cache of user entries for a Windows directory source only, which prevents pre-existing Windows users from being created in Directory Server. If you use this argument, Windows user entries are not synchronized with Directory Server user entries. This argument is valid only when the resync source is Windows. 


Deletes all destination user entries that do not match a source entry. 


Runs in safe mode so you can preview the effects of an operation with no actual changes. 
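Filters copied from formatted documentation can arrive with typographic quotes, which a shell does not treat as quoting, so they end up inside the filter itself. The following POSIX shell sketch is an added example, not part of the Sun documentation: it checks an -o value and an -a filter before they are handed to idsync resync. The function names are hypothetical, the sample input is constructed, and the script never invokes idsync.

```shell
#!/bin/sh
# Added example: pre-flight checks for the -o and -a values described above.
# Function names are hypothetical; nothing here invokes idsync.

# check_source VALUE: accept only the two sources the synopsis allows.
check_source() {
    case "$1" in
        Sun|Windows) return 0 ;;
        *) echo "invalid -o value: $1 (expected Sun or Windows)" >&2; return 1 ;;
    esac
}

# check_filter FILTER: reject an empty filter, typographic quotes, and
# unbalanced parentheses (literal parentheses in values are escaped as
# \28 and \29 in LDAP filters, so every raw one is structural).
check_filter() {
    f=$1
    [ -n "$f" ] || { echo "empty filter" >&2; return 1; }
    case "$f" in
        *“*|*”*|*‘*|*’*) echo "typographic quote in filter" >&2; return 1 ;;
    esac
    depth=0
    rest=$f
    while [ -n "$rest" ]; do
        remainder=${rest#?}          # everything after the first character
        ch=${rest%"$remainder"}      # the first character itself
        case "$ch" in
            '(') depth=$((depth + 1)) ;;
            ')') depth=$((depth - 1)) ;;
        esac
        [ "$depth" -ge 0 ] || { echo "unmatched ) in filter" >&2; return 1; }
        rest=$remainder
    done
    [ "$depth" -eq 0 ] || { echo "unmatched ( in filter" >&2; return 1; }
}

# resync_args SOURCE FILTER: print the checked arguments one per line, so it
# is visible that the whole filter travels as a single argument.
resync_args() {
    check_source "$1" || return 1
    check_filter "$2" || return 1
    printf '%s\n' resync -o "$1" -a "$2"
}

# Constructed sample input.
resync_args Sun 'uid=*'
```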

Note –