Anonymous_User Absent Member.
Absent Member.
174 views

Synchronize Multiple OU's from Edir to AD


Right now I am working in a test environment but my final goal is to do
a one way sync of our 3 user OU's from edir into AD. I can easily have
one of them sync, but what is the best approach to sync multiple OU's to
the appropriate OU in AD ? Just use 3 different drivers and set them up
with the appropriate OU ? This seems like the easiest, but maybe
overkill, however it seems like it would add flexibility as I can easily
modify the OU sync independently without affecting the others ? I found
some suggestions of modifying the policies on the subscriber channel,
but I don't see exactly where it is telling to look for users.


--
deborahshields
------------------------------------------------------------------------
deborahshields's Profile: https://forums.netiq.com/member.php?userid=1035
View this thread: https://forums.netiq.com/showthread.php?t=49472

Labels (1)
0 Likes
4 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Synchronize Multiple OU's from Edir to AD

deborahshields wrote:

>
> Right now I am working in a test environment but my final goal is to
> do a one way sync of our 3 user OU's from edir into AD. I can easily
> have one of them sync, but what is the best approach to sync multiple
> OU's to the appropriate OU in AD ? Just use 3 different drivers and
> set them up with the appropriate OU ? This seems like the easiest,
> but maybe overkill, however it seems like it would add flexibility as
> I can easily modify the OU sync independently without affecting the
> others ? I found some suggestions of modifying the policies on the
> subscriber channel, but I don't see exactly where it is telling to
> look for users.


Are you using flat placement within each of the 3 OUs in eDirectory?
Or are you using source eDirectory OU to determine placement within AD?

Is the AD driver configured to allow objects in AD to trigger the
creation of objects in your IDVault/eDirectory? (in other words, what
is the publisher channel configured to do?)

IF you have three flat OUs, then it should just be a matter of
adjusting scoping and matching rules in the matching policies.

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Synchronize Multiple OU's from Edir to AD


Yes, I am currently working with flat placement into each ou.

Just a one way sync at this point, we currently do not have a need or
want changes to be made in ad.

Thanks for the info on the policies, I will review them again.


--
deborahshields
------------------------------------------------------------------------
deborahshields's Profile: https://forums.netiq.com/member.php?userid=1035
View this thread: https://forums.netiq.com/showthread.php?t=49472

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Synchronize Multiple OU's from Edir to AD

deborahshields wrote:

>
> Yes, I am currently working with flat placement into each ou.
>
> Just a one way sync at this point, we currently do not have a need or
> want changes to be made in ad.
>
> Thanks for the info on the policies, I will review them again.


If you have flat placement into each OU (rather than flat placement
into a single OU in the destination) then you will need to adjust your
placement policies as well as your matching/scoping policies.

Do these 3 OUs have a common direct parent?

I'm still a bit unclear about the direction you are referring to. In
your first post you said from "3 OUs from edir to AD". Now you are
saying you don't want to make any changes in AD, so is the sync instead
3 OUs from AD to edir?

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Synchronize Multiple OU's from Edir to AD

On Wed, 18 Dec 2013 07:31:19 +0000, Alex McHugh wrote:

> I'm still a bit unclear about the direction you are referring to. In
> your first post you said from "3 OUs from edir to AD". Now you are
> saying you don't want to make any changes in AD, so is the sync instead
> 3 OUs from AD to edir?


I suspect he intends to make MAD a slave to eDir, so Subscriber channel
only. Nobody's supposed to change anything in MAD, so no need for the
Publisher.

That'll be true until somebody does a password change in MAD.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.