Active Directory Sync Source

An Active Directory Sync Source represents a topology of Active Directory servers and uses the DirSync control to detect changes.

Parent Component

The Active Directory Sync Source component inherits from the LDAP Sync Source.

Relations from This Component

The following components have a direct aggregation relation from Active Directory Sync Sources:

Properties

The properties supported by this managed object are as follows:


Basic Properties: description, base-dn, server
Advanced Properties: response-timeout, max-failover-error-code-frequency, plugin

Basic Properties

description

Description
A description for this Sync Source
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

base-dn

Description
Specifies the base DN of the servers referenced by the AD Sync Source. The base DN is used as the base of LDAP searches when locating entries. The server will only synchronize changes at or below this base DN, but when detecting changes, the server will adjust this if needed to match the Active Directory root partition.
Default Value
None
Allowed Values
A valid DN.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

server

Description
Specifies the Active Directory domain controllers that should be used as the source of synchronization. The order of values is important as it is used as a priority order for failover. When a location is defined on the Data Sync Server, it will always prefer to fail over to external servers in that same location or in one of the preferred failover locations for that location. If there are multiple external servers available in the target location, then the Data Sync Server will prefer the earliest one in this list and then work its way down. If there is no location defined on the Data Sync Server or if there are no external servers configured in the target location or any of the preferred failover locations, then the Data Sync Server will work its way down the list of servers in the order they are listed here.
Default Value
None
Allowed Values
The DN of any Active Directory External Server.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action


Advanced Properties

response-timeout (Advanced Property)

Description
Specifies the maximum length of time that an operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no client-side timeout; the server's default will be used. This property indicates how long the Data Sync Server should wait for a response from a search request to a source server before failing with LDAP result code 85 (client-side timeout). When this happens, the Sync Source will retry the request according to the max-failover-error-code-frequency property before failing over to a different source server and performing the retry there. The total number of retries will not exceed the max-operation-attempts value defined in the Sync Pipe configuration.
Default Value
1 m
Allowed Values
A duration. Lower limit is 0 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

max-failover-error-code-frequency (Advanced Property)

Description
This property controls how often a given LDAP error code may be encountered on a connection before the Data Sync Server fails over to a different source server. This allows the retry logic to be tuned, so that retries can be performed once on the same server before giving up and trying another server. The value can be set to zero if there is no acceptable error code frequency and failover should happen immediately. It can also be set to a very small value (such as 10 ms) if a high frequency of error codes is tolerable. As an example, if the value is set to 3 minutes, a TIMEOUT error code from the currently connected server will not trigger a failover unless there was another TIMEOUT from the same server within the last 3 minutes.

This property applies to all LDAP result codes except the following:

  • SUCCESS
  • BUSY
  • UNAVAILABLE
  • SERVER DOWN
  • CONNECT ERROR

The SUCCESS result code is never treated as an error, and the other four are "forced failover" error codes, meaning they will cause the Data Sync Server to fail over to a different source server immediately.
Default Value
3 m
Allowed Values
A duration. Lower limit is 0 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action
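
An added example (not the Data Sync Server's own code) that models the failover decision described for max-failover-error-code-frequency and replays it over constructed events, which is useful for reasoning about a tuning change before applying it. The class and function names, the per-server bookkeeping and the inclusive window boundary are assumptions.

```python
from dataclasses import dataclass, field

# Result codes the page lists as "forced failover": the window never applies.
FORCED_FAILOVER = {"BUSY", "UNAVAILABLE", "SERVER DOWN", "CONNECT ERROR"}


@dataclass
class FailoverModel:
    """Hypothetical model of the documented retry/failover rule."""
    window_s: float = 180.0                        # documented default: 3 m
    last_seen: dict = field(default_factory=dict)  # (server, code) -> time

    def decide(self, server, code, now_s):
        if code == "SUCCESS":
            return "ok"                 # never treated as an error
        if code in FORCED_FAILOVER:
            return "failover"           # immediate, regardless of window
        prev = self.last_seen.get((server, code))
        self.last_seen[(server, code)] = now_s
        if self.window_s == 0:
            return "failover"           # zero: no acceptable error frequency
        # Same code from the same server inside the window triggers failover.
        # Treating the boundary as inclusive is an assumption.
        if prev is not None and now_s - prev <= self.window_s:
            return "failover"
        return "retry"                  # first occurrence: retry same server


def replay(events, window_s):
    """Return the decision for each (time_s, server, result_code) event."""
    model = FailoverModel(window_s=window_s)
    return [model.decide(server, code, t) for t, server, code in events]


# Constructed sample events; server names are placeholders.
EVENTS = [
    (0,   "dc1", "TIMEOUT"),   # first TIMEOUT on dc1
    (60,  "dc1", "TIMEOUT"),   # second TIMEOUT on dc1, 60 s later
    (70,  "dc2", "TIMEOUT"),   # first TIMEOUT on dc2
    (400, "dc2", "TIMEOUT"),   # 330 s later, outside a 3 m window
    (410, "dc2", "BUSY"),      # forced failover code
    (420, "dc1", "SUCCESS"),
]

if __name__ == "__main__":
    for window in (180, 0):
        print(window, replay(EVENTS, window))
```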

plugin (Advanced Property)

Description
Specifies sync source plugins that should be applied to operations that are synchronized by this LDAP Sync Source. If multiple plugins are provided, then they will be invoked in the order they are specified.
Default Value
None
Allowed Values
The DN of any LDAP Sync Source Plugin.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Sync Sources:

dsconfig list-sync-sources
     [--property {propertyName}] ...

To view the configuration for an existing Sync Source:

dsconfig get-sync-source-prop
     --source-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Sync Source:

dsconfig set-sync-source-prop
     --source-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Active Directory Sync Source:

dsconfig create-sync-source
     --source-name {name}
     --type {type}
     --set base-dn:{propertyValue}
     --set server:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Sync Source:

dsconfig delete-sync-source
     --source-name {name}