Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Modifying Directory Server’s nsAccountLock Attribute Directly

Use this method when Directory Server activations and inactivations are based on Directory Server’s operational attribute, nsAccountLock.


Note – When the Modify Directory Server’s nsAccountLock attribute option is enabled, Identity Synchronization for Windows does not detect objects that are activated or inactivated using the Directory Server Console or command-line utilities.


This attribute controls object states as follows:

Table 4–2 Modifying Directory Server’s nsAccountLock Attribute Directly

| Activation | Inactivation |
| --- | --- |
| Identity Synchronization for Windows detects an inactivated object only when the nsAccountLock attribute is set to true. | Identity Synchronization for Windows detects an activated object only when the nsAccountLock attribute is absent or set to false. |
| When synchronizing an object inactivation from Active Directory, Identity Synchronization for Windows removes the nsAccountLock attribute. | When synchronizing an object activation from Active Directory, Identity Synchronization for Windows sets the nsAccountLock attribute to true. |
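
The detection rule above (inactivated only when nsAccountLock is true, activated when it is absent or false) can be applied to an LDIF export to audit account states. This is an added example, not part of the original guide or of Identity Synchronization for Windows; the sample entries and the function names `parse_ldif`, `account_state` and `audit` are constructed for illustration.

```python
import base64

# Constructed sample LDIF export (illustrative entries, not from the guide).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice

dn: uid=bob,ou=People,dc=example,dc=com
nsAccountLock: TRUE

dn: uid=carol,ou=People,dc=example,dc=com
nsaccountlock:: dHJ1ZQ==

dn: uid=dave,ou=People,dc=example,
 dc=com
nsAccountLock: false
"""

def parse_ldif(text):
    """Yield one {lowercased attribute: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continuation line
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:                 # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):        # skip LDIF comments
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):          # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry.setdefault(attr.lower(), []).append(value)

def account_state(entry):
    """Apply the rule from this section: true is inactive, absent or false is active."""
    values = entry.get("nsaccountlock", [])
    locked = any(v.strip().lower() == "true" for v in values)
    return "inactive" if locked else "active"

def audit(text):
    """Map each entry DN to its state; records without a dn line are skipped."""
    return {e["dn"][0]: account_state(e) for e in parse_ldif(text) if "dn" in e}

if __name__ == "__main__":
    for dn, state in audit(SAMPLE_LDIF).items():
        print(f"{state:8} {dn}")
```

Attribute names and the true/false value are compared case-insensitively, and base64-encoded values are decoded first, so differently formatted exports of the same entry give the same result.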