A Synchronization User List (SUL) specifies which users in Active Directory and Sun Directory Server will be synchronized. Every entry in the SUL passes through the Connector and is evaluated against the constraints you configured for that SUL.
Each SUL contains two elements, one to identify which Directory Server users to synchronize and one to identify which Windows users to synchronize.
For more information about defining and configuring SULs (including components of a definition, how to define multiple SULs, how multiple SULs are processed, and how to configure multiple Windows domain support), refer to Appendix D, Defining and Configuring Synchronization User Lists for Identity Synchronization for Windows.
Naming attribute: Attribute used for newly created users (creation expression) (not applicable for NT)
Select the Synchronization User Lists node in the navigation tree, and then click the New Synchronization User List button.
The Define a Synchronization User List wizard is displayed.
If the default name is acceptable, click Next.
If you want to use a different name, type a different name into the Name field and then click Next.
Do not use spaces or any kind of punctuation in the SUL name.
You must specify a name that is unique within the system.
The Windows Criteria panel is displayed.
You cannot edit the Active Directory or Directory Server directory sources included in this SUL after you click the Finish button to create the SUL. When the Group Synchronization feature is enabled, the creation expression would be uid=%uid% or cn=%cn% in the Sun Java System Directory Server Criteria panel.
Type the name into the text field (for example, DC=example,DC=com).
Click the Browse button to open the Set Base DN dialog box, where you can look for and select a Base DN.
All users under the specified Base DN will be included in this SUL, unless you explicitly exclude them using a filter.
Base DNs and creation expressions are not allowed for Windows NT machines.
You cannot edit the Active Directory or Directory Server directory sources included in this SUL after you click the Finish button to create the SUL. When the Group Synchronization feature is enabled, the creation expression should be uid=%uid% in the Sun Java System Directory Server Criteria panel.
You can enter an equality, a presence, or a substring filter to specify which users in this base DN are synchronized. For example, if you are using the same base DN for multiple synchronization user lists, you may want to use a filter to distinguish between them.
The equality filter syntax is similar to LDAP query syntax, except that equality substrings allow *, &, |, =, ! characters only. For example, you can use the following filter to exclude the Administrator from your SUL:
The program should populate the Creation Expression field automatically.
A creation expression is not allowed for Sun directories unless you configured user attribute creations to flow from Active Directory to Directory Server. For more information, see Specifying How Object Creations Flow.
If the creation expression is missing or you want to change the existing entry, you can enter a creation expression for all Windows Active Directory synchronization user lists; for example:
If you are going to change the creation expression, you must select an attribute that you will be synchronizing. If necessary, go back to the Object Creation tab and use the Creation Attribute button to add and map this attribute.
Click Next to specify the Sun Java System Directory Server criteria.
When the Specify the Sun Java System Directory Server Criteria panel is displayed, repeat Step 2 through Step 5 to provide the Directory Server criteria.
You cannot edit the Active Directory or Directory Server directory sources included in this SUL after you click the Finish button to create the SUL.
When you are done, click Finish.
The program adds your new SUL node to the navigation tree and the Synchronization User List panel is displayed on the Configuration Tab.
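The following Python example is an addition to this page, not code from Identity Synchronization for Windows. It shows how a creation expression such as cn=%cn% maps a user's attributes to the DN of a newly created entry, and why the expression must use an attribute that is being synchronized. The function names, the RFC 4514 escaping of substituted values, and the sample entry are assumptions of this example.

```python
import re

# %attr% placeholders, as in the page's uid=%uid% and cn=%cn% expressions.
PLACEHOLDER = re.compile(r"%([A-Za-z][A-Za-z0-9-]*)%")


class CreationExpressionError(ValueError):
    """Raised when an expression cannot be expanded for an entry."""


def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514 rules)."""
    out = "".join("\\" + c if c in '"+,;<>\\' else c for c in value)
    out = out.replace("\x00", "\\00")
    if out.startswith((" ", "#")):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def expand_creation_expression(expr, entry, synced_attrs):
    """Return the DN a new entry would get from expr (assumed semantics)."""
    if "%" in PLACEHOLDER.sub("", expr):
        raise CreationExpressionError("unbalanced % in creation expression")
    synced = {a.lower() for a in synced_attrs}
    values = {k.lower(): v for k, v in entry.items()}

    def substitute(match):
        attr = match.group(1).lower()
        if attr not in synced:
            raise CreationExpressionError(attr + " is not synchronized")
        if not values.get(attr):
            raise CreationExpressionError("entry has no value for " + attr)
        # Escaping keeps a value such as "Smith, Jane" inside one RDN.
        return escape_rdn_value(values[attr])

    return PLACEHOLDER.sub(substitute, expr)


# Constructed sample entry and expression, built from values on this page.
SAMPLE_ENTRY = {"cn": "Smith, Jane", "uid": "jsmith"}
SAMPLE_DN = expand_creation_expression(
    "cn=%cn%,DC=example,DC=com", SAMPLE_ENTRY, synced_attrs=["cn", "uid"])

if __name__ == "__main__":
    print(SAMPLE_DN)  # cn=Smith\, Jane,DC=example,DC=com
```

Without the escaping step, the comma in the sample cn value would split the entry name into two RDNs and place the new user under a different parent than the one the expression names.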