Directory Syncronization

Similar Messages

• License Requirements for Directory Syncronization

  I have small customer that wants to implement FIM between two systems.  The customer is about 500 users, but their parent is about 100,000.  Their goal is to synchronize with their parent's LDAP directory to contacts in their Exchange 2010 environment.
   Would they need 100,500 client access licenses for this?  
  Thanks,
  Joseph M. Durnal 
  Joseph M. Durnal MCITP: Enterprise Messaging Administrator

  Hi, good morning!
  I am in the same situation as Joseph M. Durnal, I noticed that the FIM licence it cost about 15000$ for the full suite. However We only need the REPLICATION SERVICE for address book of Exchange 2010 between two different DOMAINs. So, it would be posible
  to purchase just this aplication and pay less money for the license? For us 15000$ is too much...
  Thanks in advance,
  Enrique PUERTO,
  Enterprise System and Messaging Administrator.

• Deactivation of Directory Syncronization seemingly stuck

  Hi,
  I've ran into a problem that has brought our directory rollout to a standstill. If someone could provide some insight on how to proceed I would be very appreciative.
  Approximately 120 hours ago I disabled directory synchronization from within the portal. The message claims that this should have complete within 72 hours.
  There were only a few hundred users in the AD and I deleted the users and emptied the recycle bin prior to disabling the sync.
  I want to re-enabling the synchronization but against a different AD. Unfortunately until deactivation is complete It won't allow me to do this.

  Hi,
  If you enabled directory synchronization for the first time, activation may require up to 24 hours.
  If you re-enabled directory synchronization, activation may require 72 hours. For more information, see the following Microsoft Knowledge Base article:
  If you disabled directory synchronization, deactivation may require up to 72 hours.
  Follow the steps from this article and check if it helps.
  https://support.microsoft.com/kb/2654338?wa=wsignin1.0
  Regards,
  Azam khan

• Cannot get Unity 8.0 to syncronize with Active Directory

  Hi All,
     any help/advice will be greatly appreciated here.  Pulling my hair out on this one.  So we installed our CUC 8.0.2 a few years ago.  At the time, CUC was setup to sync with LDAP, our windows AD.  Filters were defined, etc.  All has been fine until recently.  Unfortunately I cannot define recent - not sure when this started.  I normally don't deal with CUC, but I am now.  Basically we either modify or add users in AD and they are not showing up in CUC->users.  I actually have 1 user where this person took over for another and in CUC/users half their info is the last user and half is the new user.  Weird stuff.
  I don't know what the issue is.  To my knowledge nothing has changed either in CUC or AD.  I attempted a wireshark sniff only to find out that infact LDAP queries were successful from my unity server to domain controller. 
  I then turned on dirsync on one of the unity servers, looked at the logs using the RTMT and specifically dealing with the user above, I see that unity successfully queries AD and AD cleary responds with the user attributes.  But even in the log it states that nothing has changed with the user.  I went a head and changed some of the attributes on the user that are mandatory in our CUC setup, performed another sync, and still no change. 
  I have 3 domain controllers, 2 unity servers (sub and pri).  No matter which unity server I attempt the sync from or which domain controller I list as #1 on the list in the CUC setup, no changes are made.  This is really frustrating.  I have 1 windows 2008 R2 DC and 2 windows 2003 DC's (at present time) each is also a GC.
  I rebooted both unity servers (utils system restart) waited a while after the first server rebooted came back online before I did the second.  Still no change.
  Can anyone suggest where I can look to find the answer as to what is going on?
  thank you in advance for any ideas.

  Renaming a Cisco Unity 8.x Server or  Moving a Cisco Unity 8.x Server to Another Domain
  http://www.cisco.com/en/US/docs/voice_ip_comm/unity/8x/upgrade/guide/8xcurug080.html
  HTH
  java
  if this helps, please rate
  www.cisco.com/go/pdihelpdesk

• Syncronization: How can i store mail for different accounts remotely, and copy most important mails manually to local folders on two devices?

  Hello. I have two devices and two accounts, so what i want is this:
  I only want to store mail from both accounts in a remote place and copy most important mails to local folders.
  (I will be grateful for any ideas as to where/how this "cloud" can be - specially free places)
  * Can I have a copy of these local folders in both devices and the remote storage?
  * Could i synchronize devices so that: when i move a mail to a local folder in any device, its copied to the same folders in
  the other device and the remote storage place?
  * The remote storage place will have many other folders. When I open Thunderbird, I also want to see these and the mail
  inside, and also be able to move mail from the inbox to these folders.
  * One of the accounts is gmail. In Account Setting tool, there is an option for synchronization. If there is no easier way, I can have mail for other account copied to gmail, and just syncronize gmail mail. For this, how will I copy my present folder structure to gmail. And how can I syncronize the local folders on the two devices?
  Thanks in advance.

  The first awkwardness I see is that there's no obvious format in which to store messages remotely such that you can work with them in an email client. It may be possible to set the "Local Directory" option in the account in Thunderbird to point at some remote folder (DropBox comes to mind) but I have never tried this and I'd be nervous about what happens if connection can't be made, or if you happened to access it from two different places simultaneously. The other concern is that mail stores get big, quickly, and you'd be forever uploading and downloading large (multi gigabyte) files. Thunderbird stores what looks like a folder containing many separate messages as one big file, so there's no simple opportunity for incremental changes to be up/down loaded.
  The whole idea of Local Folders in Thunderbird is to detach messages from servers, so they don't track what happens on servers. I say this to point out the distinction between files stored locally and permanently ("Local Folders"), versus cached copies of online files ("synchronized"). It's not safe to regard your synchronized folders as permanent.
  So, synchronized folders on an IMAP server are "mirrored" in Thunderbird so you do have a local (albeit temporary and transient) copy of messages; this is done mainly to avoid repeatedly downloading messages if you re-read them, and it makes searching faster an more efficient. But these "synchronized" message track what's being done on the server, and so if they are deleted anywhere, all synchronized devices will at some point also see the deleted messages vanishing. (Unless you made a local copy in the Local Folders account.)
  I use a gmail account pretty much as you have described; I copy or move messages to that account so they are visible in my phone, my tablet, my own laptop and my works computer. It's free, and it's "in the cloud"; the only reservation I have is its privacy. There are other providers (e.g. 1&1/gmx) who don't seem to have the data collection fetish that google thrives on.
  It's fairly simple to create filters in Thunderbird to automatically copy messages to your "cloud account"; even better is to set up forwarding rules on the other accounts' servers, so your messages are automatically sent on and waiting for you when you next login, already in the cloud account.

• Active directory to oid sync

  hi all,
  recently i've been given the assignment of sync one Active Directory to one OID.
  Said so seams easy .....
  ...... so I installed a fresh copy of Win2000 adv server with Active Directory PLUS another Win2000 adv server with Oracle AS infra.
  Then a got a copy of this document:
  http://www.oracle.com/technology/obe/obe_as_10g/im/ads_import/import.htm?_template=/ocom/technology/content/print
  unfortunately the "dipassistant" command at the end of the document comes out with an error:
  dipassistant ERROR: DIP_GEN_UNKNOWN_FAILURE
  I also looked on metalink for some help, and I found the note n. 267153.1
  At the begining of the document it is explained how to verify if it possible to read the "container": cn=users,dc=domain,dc=com
  Running an ldapsearch on the Active Directory is usefull for verifying any access issues.....
  The command does not come out with errors, but it also does not come out with any output (I put few users on the Active Dir).
  Thank you in advance for the time

  Thanks Andres,
  I tried to query the Active directory in the way you said ....but nothing !
  ldapsearch
  -p 389
  -h adhost
  -D "cn=Administrator,cn=users,dc=domain,dc=com" \
  -w "mypassword"
  -b "cn=users.oracle.com"
  -s base "objectclass=*"
  and in these formats too:
  (-b "dc=users.paan.com"
  -b "cn=users,dc=paan,dc=com)
  I'm really lost, what else could be wrong ?
  I'm wondering if there is anything missing from the document i'm following for the Sync.
  http://www.oracle.com/technology/obe/obe_as_10g/im/ads_import/import.htm?_template=/ocom/technology/content/print
  Conceptually the syncronization seams to be a straighforward process, but in reality I find it quite complicated...........maybe i'm missing some key information.....
  Any ideas to suggest ?
  thank

• Oracle BPM directory database

  Hi,
  IHAC that has a custom application to manage their users and roles. They are using Oracle BPM and they want to keep creating, managing and authenticating user with that application, that is not a LDAP.
  How can I syncronize the creation/updating/deleting/ of users in their application with the Oracle BPM Directory? I have been looking for Oracle BPM Directory schema documentation but I haven't found anything
  I know that activating SSO I could manage the user authentication but I still have the issue about users administration
  thanks in advance
  Ana
  Edited by: user_Ana on Apr 7, 2010 5:40 PM
  Edited by: user_Ana on Apr 7, 2010 5:41 PM

  Hi
  In OBPM 10gR3 we can create the participants & manage & update user roles dynamically using the FDI components.
  simple solution to your requirement is check the user roles in both the application DB & in FDI database & write your code accordingly.
  To check the participant existance in directory DB:
  //=======FDI Participant verfication=======
  Fuego.Lib.Participant primary = Participant.find(name : "participant_id"));.
  If the above value is null then create a new participant & assign the roles using the below code.
  i. Participant Creation : Fuego.FDI. DirHumanParticipant
  Ans: // Reuse Engine session to the Directory
  session = DirectorySession.currentEngineSession
  // Load the Organization Unit to which the participant will belong to
  myOU = DirOrganizationalUnit.fetch(dir : session, id : "Dallas")
  // Load the Role that the participant will have assigned,
  // and create a role assignment for it
  myRole = DirOrganizationalRole.fetch(session : session, id : "Role1")
  myAssignment[] = RoleAssignment.create(role : myRole, permissions : 255)
  // Create the new participant.
  myparticipant = DirHumanParticipant.create(
  session : session, id : "example_participant",
  firstName : "NewName",
  lastName : "NewLastname,
  displayName : "NewLastname, NewName",
  mail : "[email protected]",
  telephone : "0000000000",
  fax : "1111111111",
  password : "secret",
  ou : myOU, rolesAssignment : myAssignment,
  enabled : true)
  // set it NOT to receive emails when new instances arrive to
  // this participant inbox:
  myparticipant using receivesMail = false
  ii. Role Assign / Update : Fuego.Fdi : RoleAssignment.
  Ans:
  // fetch all roles
  mySession = DirectorySession.currentEngineSession
  allroles = DirOrganizationalRole.fetchAll(session : mySession)
  // Generate array of RoleAssignments for all non-parametric Roles
  for each r in allroles
  do
  aRole = DirOrganizationalRole.fetch(session : mySession, id : r.id)
  if not aRole.parametric then
  newAssignments[] = RoleAssignment.create(role : aRole,
  permissions : 255)
  end
  end
  // Replace role assignments for this participant
  currentPart = DirHumanParticipant.fetch(session : mySession,
  id : Participant.id)
  currentPart.rolesAssignment = newAssignments
  update currentPart
  For reference go through the this link: http://download.oracle.com/docs/cd/E13154_01/bpm/docs65/standard_components/index.html
  I hope this might help.
  Thanks

• Corrupted ldap directory - URGENT

  We are successfully corrupting our ldap directory when using the jndi
  1.1 interface with concurrent users on a weblogic 5.1 server. If 2
  users try to load the same ldif import file at the same time (don't
  ask why) then when an exception occurs, SOMETIMES jndi does not appear
  to rollback properly but adds the existing entry into another part of
  the directory at the same time as reporting the following error.
  javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry
  Already Exists];
  We presume there is a syncronization problem with JNDI clearing its
  stack or something.
  Has anyone had a similar problem and if so how did they solve it?
  Will a more up to date version of weblogic solve the problem?
  Thanks

  We use IBM Secureway 3.2.1 on W2K platform. But as we can load the
  files concurrently using native tools without corruption it is
  unlikely to be the Directory Server.
  William Morris <[email protected]> wrote in message news:<[email protected]>...
  What Directory Server do you use that is being corrupted? It may be a
  bug in the server.
  --Will
  Hilary Bannister wrote:
  We are successfully corrupting our ldap directory when using the jndi
  1.1 interface with concurrent users on a weblogic 5.1 server. If 2
  users try to load the same ldif import file at the same time (don't
  ask why) then when an exception occurs, SOMETIMES jndi does not appear
  to rollback properly but adds the existing entry into another part of
  the directory at the same time as reporting the following error.
  javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry
  Already Exists];
  We presume there is a syncronization problem with JNDI clearing its
  stack or something.
  Has anyone had a similar problem and if so how did they solve it?
  Will a more up to date version of weblogic solve the problem?
  Thanks

• PSE 13 album syncronization to iPad/iPhone

  Has aynone an idea how to syncronize my well structured PSE13 Albums to iPad and iPhone? In earlier versions of PSE you can easily syncronize all albums, but from version 13 the function is not available anymore. You can only, as before, syncronize directories, not PSE13-specific albums. Are there any apps or something available that can help me? Please advise.

  "A couple of people have reported this, but it seems to take a few hours and then it turns up."
  I thought this was a silly answer, but apparently it's true. At first all iTunes offered was to sync folders from the Pictures directory, not albums from the Mac Photos app. But, after a while, indeed iTunes now suddenly and surprisingly offers to "Copy photos from Photos", and allows the selection of albums.
  Apparently there is some processing that needs to finish after the (lengthy) import process from iPhoto. I also see a "photolibraryd" process.
  I did restart iTunes meanwhile, but I don't know if that was necessary.
  I seem to have clicked the "Use as System Photo Library" button in the preferences, but I don't know if that had any influence.
  All in all I do not like this transition at all. It keeps you in the dark of what is happening.
  Thanks Terence!
  rick

• Syncing Active Directory Groups for Unity Distribution Groups

  We have multiple remote stores with managers that move around quite a bit. This poses an administration nightmare when trying to keep voicemail distribution lists up to date. Is there a way to syncronize an active directory group to a Unity voicemail distribution group? Therefore when we move a manager around in ADS the user automatically moves in Unity.

  Unfortunately this feature has not been re-implemented in Unity Connection. This is one of the few things from Unity that I miss. I suggest voicing your desire for this as a feature enhancement with your Cisco AM.
  If you are doing that many changes you may want to consider going through the Cisco Unity Connection Provisioning Interface. At least you could script the changes there using code that checked AD group membership and replicated the changes into CUC.

• Migrating frop Active Directory to Open Directory

  I have a list of about 25 users currently housed on a windows 2003 small business server. I am moving the email system from exchange to zimbra currently however I would like to completely remove the original server and then only having the new xserve system in place. This means the domain controller will then be the xserve, is there an easy way to migrate the users over(they have nothing on the active directory server but a username and password, nothing fancy). I would also like to create a global samba share for the office, in this share all users would have read / write access. Is there a simple way to accomplish this?

  Thanks Andres,
  I tried to query the Active directory in the way you said ....but nothing !
  ldapsearch
  -p 389
  -h adhost
  -D "cn=Administrator,cn=users,dc=domain,dc=com" \
  -w "mypassword"
  -b "cn=users.oracle.com"
  -s base "objectclass=*"
  and in these formats too:
  (-b "dc=users.paan.com"
  -b "cn=users,dc=paan,dc=com)
  I'm really lost, what else could be wrong ?
  I'm wondering if there is anything missing from the document i'm following for the Sync.
  http://www.oracle.com/technology/obe/obe_as_10g/im/ads_import/import.htm?_template=/ocom/technology/content/print
  Conceptually the syncronization seams to be a straighforward process, but in reality I find it quite complicated...........maybe i'm missing some key information.....
  Any ideas to suggest ?
  thank

• Active Directory Access and Synchronization with R/3

  Dear All,
  What I have understood till now about users being maintained in Active Directory is: there are no Roles in Active Directory, users are to be assigned to Groups in the Active Directory.
  My requirement is: I have to maintain the users in Active Directory, and ensure they are in sync with my BW system CUA.
  First question is: Can we maintain users and roles in CUA?
  If I want to synchronize between Active Directory and CUA, do I always need the EP to play a part? If not, what are my alternatives?
  My second requirement is: I have to get the users and roles ( partly from Active Directory  via LDAP Connector, and partly from BW CUA ), the challenge being, I am getting users from the Active Directory, how will I determine the role it is assigned to in CUA?
  I will have the group of the user from Active Directory, where and how do I determine what is the role assigned to this user?
  Please suggest.
  Regards,
  Prosenjit.

  Prosenjit,
  My apologies, I didnt really understand your scenario.
  For your query -- I have to fetch the users from AD, check their roles, and display some relevant data.
  You create the role in portal as assign it to the group (group can be anything either AD Groups, CUA Roles which would be groups on the portal or simple portal groups). Now the role will display the reports as links in the TLN and Detail level navigation however it would only be the authorizations which control what data will be visible to the end user.
  Syncronization between AD - ABAP (CUA) would allow you to sync the user details between both the data sources roles dont come into the pitcure as far as I know and have seen (might be wrong also)
  How will I conclude to which role the user is entitles in the BW side, just by getting the group?
  I suppose you must have developed and then published reports on the portal. You will have to create a user - report matrix and then assign users to approproate groups.
  Do clarify the requirement in further detail if this doesnt solve your issue.

• Microsoft LDAP - OID import and syncronization

  Our company utilizes LDAP from Microsoft. Can OID import and syncronize with it? We do not want to manually have to enter thousands of accounts. Ideally we'd like to import all of our Oracle accounts from it and have it syncronize so all accounts may be centrally managed.
  Thank you!

  The integration that Oracle Portal (really the Login Server) has with LDAP is to implement an external authentication module which allows the Login Server to authenticate the user's provided credentials against an external repository -- in this case, an LDAP server.
  The External Authentication spec provides 3 interfaces which go against the external repository -- authenticate_user, change_password, and reset_password. The module that is shipped with Login Server implements these interfaces with standard LDAP v3 API calls. The authenticate_user is implemented as an ldap_bind_s, the change_password and reset_password are implemented as ldap_modify_s calls on the userPassword attribute. These work as designed with Oracle Internet Directory.
  With Microsoft Active Directory, although ldap_bind_s works fine to do the authentication, the ldap_modify_s calls on the userPassword attribute do not work, since the userPassword is not simply treated as an attribute that can be modified this way on AD. For this reason, and others relating to certification testing, we do not claim any sort of compatibility with Active Directory in this regard.
  However, we are in fact fully 100% LDAP v3 compliant.
  I might also add, that a modified implementation of the LDAP interface written to the external auth spec, may succeed in implementing the change_password and reset_password in a manner compatible with AD, although we do not supply such a module.
  null

• Syncing a specific directory with Mac

  Hi, I don't own an ipad, but I would like to get one to use as an e-reader for the many .pdf documents I need to read.    I have these documents stored in a  directory that is synched between my Mac and my linux computers, and wonder if I can in-turn syncronize this directory between my Mac and ipad.   In other words, if all my documents on my Mac are stored in /Users/me/documents; can I synchronize this directory with the iPad?     Thanks.

  I've done some research, and here's my impression of things.   This may be obvious to an iPad user, but it was not to me.   An iPad is more like a big iPhone (something I don't own) than a computer.   The filesystem is locked down, so you can't see or manipulate files like you would on a computer.    Options are to: 1) use itunes, which doesnt really work so well, especially if you want your iPad to talk to a computer that doesn't have or run itunes; 2) use dropbox.   This works okay, but if you are using dropbox for other stuff, then this could be a problem; 3) jailbreak your iPad, and run rsync and ssh.    My take is the best option is #3.
  In other words, it would seem that an iPad is unweildy to work with if you want to go beyond typically iPhone type uses.    I hope this helps someone.   Personally, I'm disappointed.

• Syncronize software

  I'm trying to figure out how to syncronize two folders the best way, what I want is this:
  1/ Host is a web server, with directory listing
  2/ Client is my computer, running Arch
  3/ I want to compare the web server's files with the ones on my computer. For instance say that:
  A.jpg, B.jpg, C.jpg, D.jpg is on the server and that:
  A.jpg, B.jpg, C.jpg, E.jpg is on the local host, what I want to do is to have some software that downloads the missing files from the webserver, in other words the file D.jpg in this example, but keeps E.jpg which isn't on the server. Basically: download the files from the server that isn't on the client. What is the easiest way to do this?

  tam1138 wrote:rsync
  Tried man rsync, and checked out google, but I cannot figure out how to use rsync for this. Could you explain?