Hi,We are in the process of trying to synch our Active Directory and Domino NAB…
I have read the redbook and Domino help, but don’t see this - Is the ‘match’ that is key to the Sync AD:samAccountname=Domino:Shortname?
I would like to map all the Domino person document fields to AD fields, has anyone done this and have a mapping already created that they would be willing to share?
When you first synchronize a user - and if the information is different AD vs Domino - say if the person changed their last name, but it only got changed in Domino, not AD. How do you know which ‘lastname’ value will ‘win’? In other words, which system owns the data?
3 - You cannot synchronize a user that has not been already been linked by GUID. At this point, the lastnames should be in-sync. The AD integration in the Admin Client and the Notes integration in AD are pushes. Which ever direction you are pushing will overwrite the other.
Can I assume that the only way that is provided to link the GUID is by actually creating the user with the AD integration on?
In other words, my existing 7800 users cannot be synched through the Domino ADSync interface?
(These users have been entered separately in AD & Domino for the past 3 years)
Do you know where this value is stored within Domino (the person doc field?)?
Maybe I can have someone write a script to populate it from AD.
Sorry about the number of questions…I’ve read the Redbook and the Admin help but didn’t find this. Do you know of any other docs that will clear things up for me?
Please, completely ignore my original post. ADSync will first search for the GUID of the user in Domino. It will then perform multiple searches for the use based on AD name/First Middle Last/etc… If it finds more than one match, an ambiguous name dialog will appear.
Thanks again, David.I’ve got this thing just about figured out, thanks to your help.
Regarding changes - if I’m maintaining the Location field or comment field within Domino - and I have those fields mapped to AD fields within the MMC AdSync interface - how do I trigger a ‘push’ from Notes?
Also, if you know if I can alter the matching sequence so that if GUID isn’t found, it would look by shortname, then name.
… I have those fields mapped to AD fields within the MMC AdSync interface - how do I trigger a ‘push’ from Notes?
The only ‘push’ from Notes happens optionally during registration/delete/rename. Registration will create the AD user, delete will remove the AD user, and rename will change the AD user name. You can’t push other information out of Domino.