With the cancellation of directory independence and the push to use TDI instead of the old ADSync tool, are there example scripts for TDI to do the basic work of updating a field in Active Directory with the person’s full, hierarchical Domino name? This would be to support SPNEGO and full Windows SSO.
Subject: TDI Group
I recommend checking this web site: WebHome < Integrator < TDI Users
There is a forum too.
I currently have this working:
-
SPNEGO
-
Shared Login
-
TDI syncing MSAD and Domino, with central administration of users through MSAD. Disabled accounts are populated in Domino groups and I am planning on integrating password sync of TDI with Domino ID Vault to reset internet and ID passwords at once.
TDI is really fun to use, but you will have to do some scripting. For sure.
Subject: Great!
Thanks for the pointers. This link in particular is especially helpful:
Domino and Active Directory Integration: Domino integration with TDI - Domino and Active Directory integration
Subject: Did you ever get TDI to synch passwords with ID Vault?
What was the outcome for item 3 on your list? Were you able to get TDI to synch passwords between AD and ID Vault? Anything you can share about how to do it?
Subject: One question
that I didn’t find the answer to. If I’m going to use this to move data from the Domino directory to Active Directory, does Domino or a Notes client need to be installed on the same server where I’m running TDI?
Subject: It depends
As you will see, you have three different types of connections (Mostly). LocalServer, ClientMode and IIOP. LocalServer does need the Domino server running in the same machine as TDI. Client mode of course not, but you do need a Notes Client and its important that the last user to use the client matches the one you are using in your connector. This is because TDI will check notes.ini to find the ID. The last one is IIOP. You will need to enable DIIOP in your Domino server but you dont need to run Domino in the TDI machine.