Working with Active Directory
This section describes how to create or modify a connection to Active Directory so that Synchronization Service can work with data in that data system.
To create a connection to an Active Directory domain, you need to use Synchronization Service in conjunction with a special connector called Active Directory Connector. This connector is included in the Synchronization Service package.
The Active Directory Connector supports the following features:
| Feature | Supported |
| --- | --- |
| Bidirectional synchronization: Allows you to read and write data in the connected data system. | Yes |
| Delta processing mode: Allows you to process only the data that has changed in the connected data system since the last synchronization operation, thereby reducing the overall synchronization operation time. | Yes |
| Password synchronization: Allows you to synchronize user passwords from an Active Directory domain to the connected data system. | Yes |
The Active Directory Connector supports linked attributes existing in the Active Directory schema. Linked attributes allow you to establish associations between two objects.
Linked attributes exist in pairs, as follows:
- Forward link attribute. This is a linked attribute that exists on a source object (example: the member attribute on the Group object). Forward link attributes can be single-valued or multivalued.
- Back link attribute. This is a linked attribute that can be specified on a target object (example: the memberOf attribute on the User object). Back link attributes are multivalued and they must have a corresponding forward link attribute. Back link attributes are not stored in Active Directory. Rather, they are calculated based on the corresponding forward link attribute each time a query is issued.
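The following added example (not part of the product or its documentation) models the forward/back link relationship described above: only forward links are stored, and a back link such as memberOf is computed from them at query time. The `Directory` class, the helper names and the DNs are constructed for illustration; the linkID values follow the Active Directory schema convention in which a forward link has an even linkID and its back link is that value plus one. Rejecting direct back link writes is a modelling assumption of this sketch.

```python
# Added illustration: an in-memory model, not a real directory API.
# linkID values follow the AD schema convention (forward link = even,
# matching back link = forward + 1).
LINK_IDS = {"member": 2, "memberOf": 3, "manager": 42, "directReports": 43}


def is_back_link(attr):
    return LINK_IDS[attr] % 2 == 1


def forward_of(back_attr):
    """Name of the forward link paired with a back link attribute."""
    wanted = LINK_IDS[back_attr] - 1
    return next(name for name, link_id in LINK_IDS.items() if link_id == wanted)


def to_forward_write(dn, attr, value):
    """Re-express a change as (object, forward attribute, value)."""
    if is_back_link(attr):
        return value, forward_of(attr), dn
    return dn, attr, value


class Directory:
    def __init__(self):
        self.stored = {}  # dn -> {forward attribute -> set of target DNs}

    def write(self, dn, attr, value, remove=False):
        if is_back_link(attr):
            # Modelling assumption: back links are computed, so reject the write.
            raise ValueError(f"{attr} is a back link; write {forward_of(attr)} instead")
        values = self.stored.setdefault(dn, {}).setdefault(attr, set())
        if remove:
            values.discard(value)
        else:
            values.add(value)

    def read(self, dn, attr):
        if not is_back_link(attr):
            return sorted(self.stored.get(dn, {}).get(attr, ()))
        fwd = forward_of(attr)  # computed at query time from stored forward links
        return sorted(src for src, attrs in self.stored.items()
                      if dn in attrs.get(fwd, ()))


if __name__ == "__main__":
    d = Directory()
    d.write(*to_forward_write("CN=alice", "memberOf", "CN=VPN Users"))
    d.write("CN=Admins", "member", "CN=alice")
    print(d.read("CN=alice", "memberOf"))
```

Because group membership drives access decisions, a membership review or sync mapping built on this model reads and writes the forward link on the group; the user's memberOf value changes only as a consequence.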
In this section: