Select the Synchronization User Lists node in the navigation tree, and then click New Synchronization User List button.
The Define a Synchronization User List wizard is displayed.
The program default for your first Synchronization User List is SUL1.
If the default name is acceptable, click Next.
If you want to use a different name, type a different name into the Name field and then click Next.
Do not use spaces or any kind of punctuation in the SUL name.
You must specify a name that is unique within the system.
The Windows Criteria panel is displayed.
Select a Windows Directory Source from the drop-down list.
You cannot edit the Active Directory or Directory Server directory sources included in this SUL after you click the Finish button to create the SUL. When the Group Synchronization feature is enabled, the creation expression would be uid=%uid% or cn=%cn% in the Sun Java System Directory Server Criteria panel.
AUser Set Domainis the set of all the users to be synchronized. Enter the User Set Domain's Base DN, using one of the following methods:
Type the name into the text field (for example, DC=example,DC=com).
Click the Browse button, to open the Set Base DN dialog box so you can look for, and select a Base DN.
All users under the specified Base DN will be included in this SUL, unless you explicitly exclude them using a filter.
Base DNs and creation expressions are not allowed for Windows NT machines.
You cannot edit the Active Directory or Directory Server directory sources included in this SUL after you click the Finish button to create the SUL. When the Group Synchronization feature is enabled, then the creation expression should be uid=%uid% in the Sun Java System Directory Server Criteria panel.
You can enter an equality, a presence, or a substring Filter to specify which users in this base DN are synchronized. For example, if you are using the same base DN for multiple synchronization user lists, you may want to use a filter to distinguish between them.
The equality filter syntax is similar to LDAP query syntax, except that equality substrings allow *, &, |, =, ! characters only. For example, you can use the following filter to exclude the Administrator from your SUL:
(!(cn=Administrator))
The program should populate the Creation Expression field automatically.
A creation expression defines the parent DN and naming attribute used when new entries are propagated from Active Directory to Directory Server.
A creation expression is not allowed for Sun directories unless you configured user attribute creations to flow from Active Directory to Directory Server. For more information, see Specifying How Object Creations Flow.
If the creation expression is missing or you want to change the existing entry, you can enter a creation expression for all Windows Active Directory synchronization user lists; for example:
cn=%cn% ,cl=users,dc=example,dc=com
If you are going to change the creation expression, you must select an attribute that you will be synchronizing. If necessary, go back to the Object Creation tab and use the Creation Attribute button to add and map this attribute.
Click Next to specify the Sun Java System Directory Server criteria.
When the Specify the Sun Java System Directory Server Criteria panel is displayed repeat Step 2 through Step 5 to provide the Directory Server criteria.
You cannot edit the Active Directory or Directory Server directory sources included in this SUL after you click the Finish button to create the SUL.
When you are done, click Finish.
The program adds your new SUL node to the navigation tree and the Synchronization User List panel is displayed on the Configuration Tab.
In cases where a user matches multiple lists, click the Resolve Domain Overlap button to define a preference for the synchronization user list.
Create a Synchronization User List that includes every directory source in your network except for the Directory Server.