You can use the resync subcommand to bootstrap deployments with existing users. This command uses administrator-specified matching rules to:
- Populate an empty directory with the contents of a remote directory
- Bulk-synchronize attribute values between two existing user populations
- Bulk-synchronize existing groups and the users associated with the groups (when the group synchronization feature is enabled)
For more detailed information about linking and synchronizing users, see Chapter 3, Understanding the Product.
To resynchronize existing users and to pre-populate directories, open a terminal window (or a Command Window) and type the idsync resync command as follows:
idsync resync [-D bind-DN] -w bind-password | - [-h Configuration Directory-hostname] [-p Configuration Directory-port-no] [-s rootsuffix] -q configuration_password [-Z] [-P cert-db-path] [-m secmod-db-path] [-n] [-f xml filename for linking] [-k] [-a ldap-filter] [-l sul-to-sync] [-o Sun | Windows] [-c] [-x] [-u] [-i ALL_USERS | NEW_USERS | NEW_LINKED_USERS]
idsync resync -w admin password -q configuration_password
Table A–8 describes the arguments that are unique to resync:
Table A–8 idsync resync Usage
| Argument | Description |
|---|---|
| -f filename | Creates links between unlinked user entries using one of the specified XML configuration files provided by Identity Synchronization for Windows (see Appendix B, Identity Synchronization for Windows LinkUsers XML Document Sample) |
| -k | Creates links between unlinked users only (does not create users or modify existing users) |
| -a ldap-filter | Specifies an LDAP filter to limit the entries to be synchronized. The filter will be applied to the source of the resynchronization operation. For example, if you specify idsync resync -o Sun -a "uid=*" all Directory Server users that have a uid attribute will be synchronized to Active Directory. |
| -l sul-to-sync | Specifies individual Synchronization User Lists (SULs) to resynchronize. Note: You can specify multiple SUL IDs to resynchronize multiple SULs or, if you do not specify any SUL IDs, the program will resynchronize all of your SULs. |
| -o (Sun \| Windows) | Specifies the source of the resynchronization operation |
| -c | Creates a user entry automatically if the corresponding user is not found at destination |
| -i (ALL_USERS \| NEW_USERS \| NEW_LINKED_USERS) | Resets passwords for user entries synchronized in the Sun directory sources, forcing password synchronization within the current domain for those users the next time the user password is required. |
| -u | Only updates the object cache. No entries are modified. This argument updates the local cache of user entries for a Windows directory source only, which prevents pre-existing Windows users from being created in Directory Server. If you use this argument, Windows user entries are not synchronized with Directory Server user entries. This argument is valid only when the resync source is Windows. |
| -x | Deletes all destination user entries that do not match a source entry. |
| -n | Runs in safe mode so you can preview the effects of an operation with no actual changes. |
Run idsync resync with no arguments to view a usage statement.
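The following pre-flight check is an added example, not part of Identity Synchronization for Windows. It parses a planned resync argument list and applies the constraints from the table above: -u needs -o Windows, -x is held back until it is combined with -n for a preview, and a literal -w value is flagged because the synopsis also accepts -w -. The function name, the return codes, the preview-first rule, and the requirement that -o Windows be given explicitly are assumptions of this example.

```shell
#!/bin/sh
# Added example, not product code. Return codes are a local convention:
#   0 ok, 1 invalid combination, 2 deletion outside safe mode,
#   3 bind password given literally on the command line
resync_preflight() {
    pf_src="" pf_safe=0 pf_delete=0 pf_cache=0 pf_literal=0
    while [ $# -gt 0 ]; do
        pf_val=0
        case "$1" in
            -o) pf_src="${2-}"; pf_val=1 ;;
            -w) [ "${2-}" = "-" ] || pf_literal=1; pf_val=1 ;;
            # Remaining options that take a value in the synopsis; the
            # value is skipped so it is never mistaken for a flag.
            -D|-h|-p|-s|-q|-P|-m|-f|-a|-l|-i) pf_val=1 ;;
            -n) pf_safe=1 ;;
            -x) pf_delete=1 ;;
            -u) pf_cache=1 ;;
        esac
        shift
        if [ "$pf_val" -eq 1 ] && [ $# -gt 0 ]; then shift; fi
    done
    # The table states -u is valid only when the resync source is Windows.
    # Assumption: the source must be named explicitly with -o Windows.
    if [ "$pf_cache" -eq 1 ] && [ "$pf_src" != "Windows" ]; then
        echo "invalid: -u is valid only with -o Windows" >&2
        return 1
    fi
    # Local policy (assumption): -x removes unmatched destination entries,
    # so it is only allowed through together with safe mode (-n).
    if [ "$pf_delete" -eq 1 ] && [ "$pf_safe" -eq 0 ]; then
        echo "blocked: preview -x with -n before running it" >&2
        return 2
    fi
    if [ "$pf_literal" -eq 1 ]; then
        echo "warning: literal -w value; the synopsis also accepts '-w -'" >&2
        return 3
    fi
    return 0
}
```

Call it with the same arguments you intend to pass to idsync resync and run the real command only when it returns 0.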
For detailed information about the resync arguments, review Common Arguments to the Idsync Subcommands.
For more information about resynchronizing existing users, review Chapter 3, Understanding the Product.
After running resync, check the resync.log file in the central audit log. If errors result, consult Chapter 7, Troubleshooting Identity Synchronization for Windows, in Sun Java System Directory Server Enterprise Edition 6.3 Troubleshooting Guide.