Field | Description |
Directory Assistance domain | Select the domain specified in the Domain name field in the LDAP tab of the Directory Assistance document that is enabled for Directory Sync. For example, Renovations AD.
Note: To be able to select a domain, there must be a directory assistance document enabled for Directory Sync that specifies this domain. |
Dirsync status | After you complete the other configuration options in this document, select Enabled to enable Directory Sync. You see the following prompt:
Begin sync now or run in test mode?
Choose one of the following options:
- Synchronize data
- Run in test mode (log to console, don't update data)
Select Run in test mode to simulate the actions that Directory Sync would take but without changing any Domino data. Make any adjustments needed to the Directory Sync configuration. When you are ready to enable synchronization for real, select Synchronize data. |
Sync all Active Directory users |
- Select Yes to sync Active Directory users regardless of whether they are registered in Domino.
- Select No (default) to sync only Active Directory users who are registered in Domino. If previously set to Yes, any unregistered Active Directory users synced previously are removed from the Domino directory.
Changing the value of this field causes a full resync.
For an Active Directory record to sync with Domino, the Active Directory mail field must match the Internet address field in the Domino directory Person document. |
Domino directory file name | The file name for the Domino directory, typically names.nsf. |
Direction | The direction of synchronization. Currently only Active Directory to Domino is available. |
Rename Domino users upon Active Directory rename |
Note: If the name of an Active Directory user who is not registered in Domino changes, the name is automatically updated in the Domino directory Person document during sync, regardless of this option. |
Sync frequency | How frequently the Dirsync task checks for Active Directory changes to synchronize. Default is once a minute. |
Resync frequency | How often to resync all data from Active Directory, in minutes. Default is 10,000 minutes or approximately once a week. If you don't want to regularly resync all data, specify 0.
Resync synchronizes the following changes, which are not otherwise synced:
- Deleted users and groups.
- Name changes within groups.
Consider increasing the default value if many users and groups are regularly deleted in Active Directory, or if there are frequent name changes and you synchronize Active Directory groups.
Resync runs in the background on the Domino administration and does not have a big impact on performance. |
Field | Description |
Fields to sync to Domino | Use this field to specify which Active Directory person fields to sync to Domino. A standard list of fields from Active Directory is shown by default. You can add or remove fields from the list. When Active Directory and Domino use different names for a field, the Domino field name is shown in parentheses after the Active Directory field name. For example: mail (Email address).
Modifying this field causes a full resync.
Note:
- When syncing multi-valued attributes, only the first value is synced.
- Removing an attribute that was previously synced does not remove it from Person documents.
|
LDAP Filter | When you don't specify a filter, the following default search filter is used: (|(objectClass=Group)(objectClass=Person)). This filter syncs all users and groups in Active Directory.
Optionally, use a standard LDAP search filter to sync a subset of users and groups based on attribute. Be sure to include the default filter in your custom search filter; that way, only user and group records are synced and not other types of records that are not relevant for the Directory Sync feature.
For example, to sync only user and group records that contain the department hr AND the state MN, use the following filter: (&(|(objectClass=Group)(objectClass=Person))(&(department=hr)(st=MN)))
Tip:
To verify a custom search filter, you can use an open source LDAP browser such as Apache Directory Studio.
Modifying this field causes a full resync. |
LDAP Groups |
- If you want to synchronize groups, select the types of groups to synchronize. If you don't want to synchronize groups, do not select either option.
  - Security groups, to be able to use Active Directory security groups in Notes® access lists.
  - Distribution groups, to be able to use Active Directory distribution groups in Notes mail addressing.
- Select No to synchronize person information only.
Modifying this field causes a full resync. |
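
The following Python sketch is an added example, not part of the product or its documentation. It checks that a custom LDAP Filter value keeps the default user/group clause and shows, on constructed records, which entries each filter would select. The function names, the sample records and the exampleDevice object class are assumptions, and the parser handles only the &, | and equality forms used in the filters above.

```python
import re
DEFAULT = "(|(objectClass=Group)(objectClass=Person))"  # default filter from the table
_ITEM = re.compile(r"\(([A-Za-z][\w-]*)=([^()]+)\)")    # one (attr=value) comparison

def _parse(f, i):  # returns (node, next offset); supports &, | and equality only
    if f[i:i + 2] in ("(&", "(|"):
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = _parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids:
            raise ValueError(f"malformed {op} group at offset {i}")
        return (op, kids), i + 1
    m = _ITEM.match(f, i)
    if not m:
        raise ValueError(f"malformed filter at offset {i}")
    return ("=", m.group(1).lower(), m.group(2).lower()), m.end()

def parse_filter(text):
    try:
        node, end = _parse(text, 0)
    except IndexError:
        raise ValueError("unbalanced parentheses") from None
    if end != len(text):
        raise ValueError("unexpected text after filter")
    return node

def includes_default(text):  # default clause is the filter itself or a top-level AND term
    node, default = parse_filter(text), parse_filter(DEFAULT)
    return node == default or (node[0] == "&" and default in node[1])

def scoped(custom):  # wrap a custom clause so only user and group records can match
    return f"(&{DEFAULT}{custom})"

def matches(node, entry):
    if node[0] == "=":
        return node[2] in (v.lower() for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    return all(results) if node[0] == "&" else any(results)

def synced(text, entries):
    node = parse_filter(text)
    return [e["cn"][0] for e in entries if matches(node, e)]

SAMPLE = [  # constructed records with lowercased attribute names, not a directory export
    {"cn": ["Ana HR"], "objectclass": ["top", "person", "user"], "department": ["hr"], "st": ["MN"]},
    {"cn": ["Bo Sales"], "objectclass": ["top", "person", "user"], "department": ["sales"], "st": ["MN"]},
    {"cn": ["HR Kiosk"], "objectclass": ["top", "exampleDevice"], "department": ["hr"], "st": ["MN"]},
]
```

Running the filter in test mode, or in an LDAP browser against the real directory, remains the authoritative check; this only catches a dropped default clause or unbalanced parentheses before the field is changed and a full resync is triggered.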