One way directory synchronization

Similar Messages

• One way directory synchronization - a how to guide please

  I need to synchronize Microsoft AD (slave) from Oracle Internet Directory (master) - one way - all updates/add/deletes will be in OID, replicated to AD.
  The source OID context is cn=orclContext,dc=world
  The target AD context is cn=orclContext, ou=Oracle TNS, ou=Global Applications, dc=gsk, dc=com
  Not using the ADMINISTRATOR account (company has minimum necessary privileges approach)
  Are there any metalink notes on how to do this?
  Any help greatfully received.

  I forgot to mention, we are using Oracle 9.2.0.8 OID (not part of OAS) - hence posting in database forum, but will also post in Application Server forum.

• 2 way sync - but calendar only one way?

  Hi!
  I've just performed the first 2 way sync between my Outlook 2007 and my Z10. Surprisingly my contacts have not doubled up - which is good. But regarding the calendar the sync worked from my Outlook to my Z10 but the items on my Z10 were not added to my Outlook. Obviously I've missed something - or it's not really a 2 way sync????
  Solved!
  Go to Solution.

  Hello nmbpc,
  Welcome to the BlackBerry Support Community.
  Thank you for your question regarding one way Calendar synchronization on your BlackBerry Z10 smartphone.
  Which version of BlackBerry Link are you using currently and which version of BlackBerry Device Software do you have installed under Settings - About?
  -FB
  Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp
  Be sure to click Kudos! for those who have helped you.
  Click "Accept as a Solution" for posts that have solved your issue(s)!

• Can AD object attributes be modified on Azure Active Directory when using DirSync for one way synchronization?

  An organization with on premise AD is deploying Office 365. We plan to use DirSync to replicate (no passwords) internal users
  with Azure AD for users to login and will use a third party FIM solution.
  What I'm wondering is though this synchronization is one way (except a couple of fields - no passwords):
  Can an authorized user change attributes of a synched AD object directly on Azure AD?
  If yes, how would such a change be handled during the next synchronization operation?
  Would the value be overwritten to the one in source of truth on premise AD
  Would the value be ignored since there was no ‘change’ in the value at the source of truth on premise AD system?
  Prompt responses would be much appreciated!
  Thanks

  Hi Mike, 
  Thank you for your response. I understand that the master is the on-premise AD. Let me rephrase my question.
  As part of object synchronization, An object X with its 50 attributes is synchronized to Azure AD. 
  Is there any way for an administrator/other role to access and modify any attribute of the synchronized object on Azure AD directly. I understand
  that re-synchronization schedule
  is every 4 hours and at the time of such a synchronization the modified values (if any) will be overwritten restoring 'order'.

• One way "synchronize"

  Is it possible to have a one-way "synchronize" (I know technically that's not a synchronize, more a copy). Basically, what I want to do is synchronize my Palm (Treo 650) with my home computer and work computer, but I don't want all my personal stuff (contacts, appointments and stuff) to be copied to my work computer.
  I synchronize the work computer with Outlook and want this to be a one way copy (from PC to Palm), so that I have all my meetings, etc on the Palm.
  I synchronize the home computer with Palm Desktop and want this to be the actual full synchronize / backup.
  Is this possible? Is there 3rd party software that can do this if the Palm conduits / software can't?
  Post relates to: Treo 650 (Telus Mobility)

  Did you get a reply on how to get updates from your work Outlook without overwritting your personal data on the Palm and still not sending down the personal data to your work Outlook?
  I have the same issue.
  Thanks

• Iphone 5 - only one way synchronization with iCal

  Hello community,
  Since I have my new iPhone 5 the calendar synchronization is not working properly anymore which means only one way from iCal to iPhone but not the other direction. I could not found a solution in the diverse support communities so maybe you have an idea what the error might be?
  I am synchronizing locally via iTunes from a Mac Book Pro and I am not using iCloud.
  It would be great if you could help.
  Greetings from Zurich,
  Heike Anna

  This is generally an indication that the synchronization framework on your machine is not handling data changes properly, and must be reset.
  To reset it, launch iSync—that's right: iSync, not iTunes—then…
  • open the Preferences… dialog
  • press the Reset Sync History button
  That will remove the records currently stored in your truth database, and force a first-time, slow synchronization event when you next launch one in iTunes.

• Active Directory: One Way Trust from NT Domain to 2003 Domain being upgraded to 2012 R2

  We have an old legacy NT 4 domain that is slowly being decommissioned. (Slowly is the key word) Currently there is a one way External Trust between those NT 4 domains and a child domain that is at 2003 functionality. We are in the middle of upgrading
  those child domain and the root domain to 2012 R2.  My only concern right now and I can't seem to find concert proof either way, but will that external one way trust break when upgrading the forest and domain functionality to 2012 R2 once we
  have all our DC's upgraded?  I have read articles on how to get that trust to work in a 2008 R2 domain and of course it is working with the existing 2003 domain.
  In theory the trust should break, correct?  However, I know there are some security changes among other things in 2012 that may or may not work. 
  Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

  Yes.  We are working with the client to migrate any dependencies off these 3 NT legacy domains. We will be able to decommission 2 of the 3 without any issues. However, they still have an old NT box running SQL 6.5 databases for a application still in
  production. Yes, they are very aware that NT isn't supported, that that version of SQL isn't supported, and that this will hold up their upgrade.
  Our plans for them will be to deploy all new Windows Server 2012 R2 domain controllers but keep the domain and the forest functionality at 2003 in order to support that final NT Legacy domain until they can get that application migrated.
  Once that NT domain is decommissioned then we can raise the functionality of the rest of their domains from 2003 to 2012 R2.
  Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

• One way synchronization

  Hi, is there any way to synchronize from mobile phone to iCal only? I make all the changes in mobile phone and need to synchronize with iCal only to be able to sync my Google calender with phone... I accidentally deleted something in iCal and got the same delete in mobile...:-(

  After the initial sync, syncing always takes place in both directions - otherwise it wouldn't be syncing.
  If you have made changes on the phone since the last sync, when you next sync those changes will be transferred to the Mac.
  If you're worried about losing data, backup your calendars on the Mac first (see here).
  In your case, probably the best option is to update iCal to how you want it and then choose "Reset Device..." from the "Devices" menu in iSync to overwrite the phone with all the latest data from your Mac. Then everything should be in sync again.

• Configure one way outbound hybrid search

  I have been trying to configure one way outbound hybrid search but in the process getting no search results from SharePoint Online.
  I have created a SharePoint Farm on windows azure. I have installed Active Directory on one server which will act as my domain controller. I have one DB server and one SharePoint server. Besides this I have created another server which I have used for Synchronization
  purpose. I have used Azure Active Directory Connect to sync my users to SharePoint Online. 
  As far as the syncing part is concerned, I have been able to do the same. 
  Now, for configuring one way outbound search, I have followed the steps like
  1. Creating self signed certificate and replacing the STS certificate on my SharePoint server.
  2. Configured S2S authentication using PowerShell.
  3. Necessary services are up and running.
  4. Result Source and Query Rule for SPO.
  I can see the ACS trust established in the Central Admin. 
  Also I have verified that the UPN is same.
  When I create the Result Source, (used protocol as Remote with SPO url) I don't see the SPO results. Although if i test the connection, it comes as successful.
  I can just see SharePoint on-premise results.
  Below are the links that I have referred in setting up my environment
  http://blogs.msdn.com/b/spses/archive/2013/10/22/office-365-configure-hybrid-search-with-directory-synchronization.aspx
  http://blogs.technet.com/b/wbaer/archive/2014/03/24/one-way-outbound-hybrid-search-step-by-step-and-onedrive-for-business.aspx
  https://technet.microsoft.com/en-us/library/dn607305.aspx
  https://technet.microsoft.com/en-us/library/dn197169(v=office.15).aspx
  http://sharepointconnoisseur.blogspot.in/2015/01/ultimate-procedure-to-display.html
  Any inputs in this regards would be really helpful !Thanks,
  Geetanjali
  Geetanjali Arora | My blogs |

  Hi Geetanjali,
  Based on your description, I recommend to verify the things below:
  Check if the web application has configured to use Integrated Windows authentication using NTLM as authentication type in SharePoint server.
  Check if the testing account for doing search is a federated user account.
  https://technet.microsoft.com/en-us/library/dn607319.aspx
  Thanks,
  Victoria
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Victoria Xia
  TechNet Community Support

• Active Directory synchronization working, authentication not on CUBM BE5000 8.6(1a)

  I successfully set up Active Directory synchronization between my CUCM BE5000 appliance running 8.6(1a) and our Windows 2008 Server Active Directory.  Users are replicating successfully, but authentication is not working even though I am using the same LDAP manager distinguished name and password for both.  I have a suspicion to the cause of this problem but for the record, the following is my relevant configuration:
  System/LDAP/LDAP System:
  LDAP Server Type Microsoft Active Directory iPlanet or Sun ONE LDAP Server OpenLDAP Microsoft Active Directory Application Mode
  LDAP Attribute for User ID userPrincipalName sAMAccountName mail employeeNumber telephoneNumber
  LDAP Server Type: Microsoft Active Directory
  LDAP Attribute for User ID: userPrincipalName
  System/LDAP/LDAP Directory:
  LDAP Configuration Name: bgctnv.local
  LDAP Manager Distinguished Name: CN=cm.sync,OU=BGCTNV Users,DC=bgctnv,DC=local
  LDAP User Search Base: DC=bgctnv,DC=local
  LDAP Server Information: bgctnv.local, port 389 (to query any domain controller in DNS; I have also tried specific IP addresses)
  System/LDAP/LDAP Authentication:
  LDAP Manager Distinguished Name: CN=cm.sync,OU=BGCTNV Users,DC=bgctnv,DC=local
  LDAP User Search Base: LDAP user search base is formed using the User ID information (pre-populated, I cannot change this)
  LDAP Server Information: bgctnv.local, port 3268
  All of my Active Directory users are now populated and active under End Users.  However, I am not able to log into /ccmuser among other things using my valid domain credentials.  I am a super user as well as a standard end user.
  Curiously, invalid usernames (userPrincipalName in my case) return the error "Log on failed - Invalid User ID or Password" while a valid username, with or without the correct password, returns only "Log on failed."  That seems to imply that some part of the authentication or LDAP bind is taking place.
  Here's the catch.  The base domain here is bgctnv.local while we use bgctnv.org as a valid and acceptable alternative UPN suffix in Active Directory.  Every Microsoft and every third-party program I have used will accept [email protected], but I'm beginning to think that CM will not, or is having some sort of translation issue.  I read that alternative suffixes can cause problems in Active Directory forests with multiple trees, but this is a vanilla, single domain environment.
  I don't even know where to look to debug this issue.  Has anyone seen this before or can anyone tell me where to look for logs?
  Thanks,
  John

  I found the following:
  http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/8x/directry.html
  As mentioned in the section on LDAP Synchronization, in order to support synchronization with an AD forest that has multiple trees, the UserPrincipalName (UPN) attribute must be used as the user ID within Unified CM. When the user ID is the UPN, the LDAP authentication configuration page within Unified CM Administration does not allow you to enter the LDAP Search Base field, but instead it displays the note, "LDAP user search base is formed using userid information."
  This may help in some situations where there are multiple trees in an AD forest, but it is definitely not the solution.  Even with multiple trees, it is common to use alternative UPN suffixes.  Nothing in AD requires or even recommends that you exclusively use your AD domain root as the UPN suffix.
  For example, company.local may use company.com as an alternative but primary UPN suffix to provide simplicity for users.  Users can then achieve more broad SSO capabilities by using their familiar email credentials when authenticating for company.local services.
  When using UserPrincipalName as the LDAP synchronization attribute for the CM User ID, the configuration requires that the search base for authentication be derived from the UPN suffix, regardless of whether it is a single domain or multiple trees within a forest.  This makes it impossible to authenticate by UPN unless your UPN is explicitly your root domain name.  From the example above, CM would try to bind [email protected] against DC=company,DC=com instead of the correct DC=company,DC=local.
  The logical solution would be to allow the administrator the option.  Why not have a choice of whether to generate the user search base from the userid (UPN) information, or be able to specify the search base as well like it allows with any other synchronization attribute?
  Would this be a feature request, bug report, or neither?  I'd really appreciate it if Cisco considered this but I don't know the proper channel.

• One way trust relationship between different domain windows server 2012 in different forest

  I'd like to build trust correctly between the domains A.local and B.int. A.local is on a Windows 2012 . B.int is on a Windows 2012 . Both machines are
  connected to the same LAN. The forest level in A.local
  machine is Windows Server 2008 and The forest level in B.int
  is Windows server 2012.
  I want a one-way trust relationship, i.e. users from A.local gain access to B.local.
  my problem it i create the trust put when i go to validate the trust between A.Local and B.int give me this error :
   The secure channel (SC) reset on Active Directory Domain Controller \\dc2.B.int of domain B.int to domain A.Local failed with error: There are currently no logon servers available to service the logon request.
  NOTE : Recently I
  UPGRADE THE Active Directory FROM 2008 R2 TO 2012 and i ping on A.local to B.int
  it is ping by name and IP but from b.int ping by IP JUST >>>
  ihab

  Hi,
  yes i already do it the setup conditional forwarding between the 2 domains and
  the firewall it is off 
  ihab

• Using Sync as a one way backup?

  I have a user with a client mac (MacBook Pro). The MBP actually remains on our network at all times and I want to backup both her Documents and Desktop folders every time she logs out, no need to backup anything else. She has a home folder on our Active Directory controlled file servers. I can manage her AD account via Workgroup Manager because our schema has been extended.
  Is there a way to set up a Home Sync so that it acts as a one way (client to server) backup each time she logs out? I can't use background sync, mainly because of the issues with the MS Database files from Office 2008. I don't actually want to "sync" in this case, just really create a snapshot backup of the 2 folders from her Mac each time she logs out. No history of file versions is required.
  Any info would be greatly appreciated. Thanks!

  you may not find step by step instructions to make it a one way sync. but check the details pane in wgm to add keys to the homesync prefs that may get you close.
  also, check here:
  http://images.apple.com/business/solutions/it/docs/BestPractices_ClientMgmt.pdf
  and on http://afp548.com

• One way sync possible?

  Hi there,
  here my question / problem :
  My phone and my computer at work (PC with Lotus Notes), get synched and it works well. I would like to have the same information also on my home iMac - so far so good with iSync. BUT I do not want any changes on my phone, so MERGING or DELETING information on the phone are a no-go for me.
  Is there a way, to configure iSynch (or any other Synch software), to just synch one way - e.g. to just read out the present items on my phone and transfer them into the mac.
  Thanks for any hint.
  Tom

  It is not possible to explicitly control the directional flow of data during a synchronization event using iSync. iSync is simply designed to do one thing during a standard—as opposed to initial—event: to equate the data stored in each application, on each device and on each server, transferring any additions changes and deletions to and from all applications, devices and servers in your synchronization pool.
  If you do not want to see changes reflected on your mobile handset when you synchronize, you must simply avoid making any changes at all on your computer to the records stored in iCal and the Address Book. No changes = no changed data to transfer to your handset.
  This Apple Developer Note explains the underlying Sync Services Framework technology used to synchronize data in Mac OS X 10.4 or later:
  http://developer.apple.com/macosx/syncservices.html
  You can see from the description of how this works that if no changes are pushed to the truth by iSync on behalf of iCal and the Address Book, there will no changes pulled from it by iSync on behalf of your mobile handset.

• Cannot share documents with few users in one way trusted domain

  Hello
  I am running in a wiered issue. I setup people picker in SP 2013 foundation version to lookup the user from one way trusted domains after which I started getting all the users from that domain in my intranet. I can also share or modify the permission of
  users being administrator. However when I try to add 2 specific users as site collection administrator or try sharing a document, I get error.
  I can lookup their name but when I try changing their permission or share document with them, I get error. It's wiered because it is only with this two users. there is no difference from Active Directory point of view between these and other users. Please
  help or suggest some trouble shooting steps.
  Regards,
  Hardik Bhilota.

  Hi Hardik,
  What was the error message when sharing documents with the two users?
  Please also check the ULS log for detailed error message which is located at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS.
  What is the permission of the two users in SharePoint site? Can they access the site?
  Please also run the two commands below to see if the issue still occurs:
  First, on every front-end Web server on a farm run this command:
  STSADM.exe -o setapppassword -password key
  Second, on a front-end Web server run this command:
  STSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv domain:DnsName,user,password -url http:// webapp
  Best regards.
  Thanks
  Victoria Xia
  TechNet Community Support

• Want to wireless sync AND sync to outlook (one-way is OK)

  For a long time I have just been syncing to outlook on my desktop. Now my job requires that I have wireless sync to the online calendar at work. Only my calendar syncs wirelessly. I can still sync notes, tasks, contacts to outlook.
  I would like to be able to do at least a one-way sync from device to outlook. I tried temporarily disabling the wireless sync on the calendar, but it didn't work.
  So, in a nutshell, how can I wirelessly sync to my work calendar, AND desktop sync to outlook at home.
  Is there a work-around for this?
  9630 / Sprint

  Hi plovett and welcome to the BlackBerry Support Community Forums!
  Just to clarify, you only want to synchronize your calendar wirelessly to work and the rest you want to synchronize with your desktop at home?
  Thanks
  -CptS
  Come follow your BlackBerry Technical Team on twitter! @BlackBerryHelp
  Be sure to click Kudos! for those who have helped you.Click Solution? for posts that have solved your issue(s)!