test

Sun Java System Directory Server Enterprise Edition 6.1 Release Notes

Directory Source Specific Recovery Procedures

The following procedures correspond to specific directory sources.

Microsoft Active Directory

If Active Directory can be restored from a backup, then follow the procedures in the sections covering either bidirectional, or unidirectional synchronization.

You might, however, have to use a different domain controller after a critical failure. In this case, follow these steps to update the configuration of the Active Directory Connector.

ProcedureTo Change the Domain Controller

  1. Start the Identity Synchronization for Windows management console.

  2. Select the Configuration tab. Expand the Directory Sources node.

  3. Select the appropriate Active Directory Source.

  4. Click Edit controller, and then select the new domain controller.

    Make the selected domain controller the NT PDC FSMO role owner of the domain

  5. Save the configuration.

  6. Stop the Identity Synchronization service on the host where the Active Directory Connector is running.

  7. Delete all the files except the directories, under ServerRoot/isw-hostname/persist/ADPxxx. Here, xxx is the number portion of the Active Directory Connector identifier.

    For example, 100 if the Active Directory Connector identifier is CNN100.

  8. Start the Identity Synchronization service on the host where the Active Directory Connector is running.

  9. Follow the steps according to your synchronization flow in the unidirectional or the bidirectional synchronization sections.

Fail Over and Directory Server

Either the Retro Changelog database, or the database with synchronized users, or both can be affected by a critical failure.

ProcedureTo Manage Directory Server Fail Over

  1. Retro-Changelog Database.

    Changes in the Retro Changelog database might have occurred that the Directory Server connector could not process. Restoration of the Retro Changelog database only makes sense if the backup contains some unprocessed changes. Compare the most recent entry in the ServerRoot/isw-hostname/persist/ADPxxx/accessor.state file with the last changenumber in the backup. If the value in accessor.state is greater than or equal to the changenumber in the backup, do not restore the database. Instead, recreate the database.

    After the Retro Changelog database is recreated, make sure that you run idsync prepds. Alternatively, click Prepare Directory Server from the Sun Directory Source window in the Identity Synchronization for Windows management console.

    The Directory Server connector detects that the Retro Changelog database is recreated and log a warning message. You can safely ignore this message.

  2. Synchronized Database.

    If no backup is available for the synchronized database, then the Directory Server connector has to be reinstalled.

    If the synchronized database can be restored from a backup, then follow the procedures in either the bidirectional or the unidirectional synchronization sections.