Synchronizing data from an Active Directory Domain Services (AD DS) forest to the configuration set of an Active Directory Lightweight Directory Services (AD LDS) instance requires two steps:
- Prepare the AD LDS instance for synchronization.
- Synchronize the data.
Typically, you perform the first step only once. You perform the second step whenever you want to update the AD LDS instance.
Membership in the Administrators group of the AD LDS instance is the minimum required to complete this procedure. By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition. For more information about AD LDS groups, see Understanding AD LDS Users and Groups.
Preparing an AD LDS instance for synchronization
To prepare an AD LDS instance for synchronization
- Open a command prompt.
- At the command prompt, type the following command, and then press ENTER:
  cd %windir%\adam
- Do one of the following:
  - To prepare to synchronize an AD LDS instance with a Windows Server 2003 forest, type the following command, and then press ENTER:
    ldifde -i -u -f ms-adamschemaw2k3.ldf -s server:port -b user_name domain password -j . -c "cn=Configuration,dc=X" #configurationNamingContext
  - To prepare to synchronize an AD LDS instance with a Windows Server 2008 R2 forest, type the following command, and then press ENTER:
    ldifde -i -u -f ms-adamschemaw2k8.ldf -s server:port -b user_name domain password -j . -c "cn=Configuration,dc=X" #configurationNamingContext
  Important: You must include the period (.) between -j and -c.
- Type the following command, and then press ENTER:
  ldifde -i -s server:port -c CN=Configuration,DC=X #ConfigurationNamingContext -f MS-AdamSyncMetadata.ldf
- Type the following command, and then press ENTER:
  notepad MS-AdamSyncConf.xml
- In Notepad, make the following changes to the contents of the configuration file:
  - Replace the value of <source-ad-name> with the name of the source AD DS domain controller.
  - Replace the value of <source-ad-partition> with the distinguished name of the source domain.
  - Replace the value of <source-ad-account> with the name of an account in the Domain Admins group of the source domain.
  - Replace the value of <account-domain> with the fully qualified Domain Name System (DNS) name of the source domain.
  - Replace the value of <target-dn> with the name of the partition of the target AD LDS instance.
  - Replace the value of <base-dn> with the base distinguished name of the source domain.
- In Notepad, on the File menu, click Save As, type a new name for the file, click Save, and then close Notepad.
- At the command prompt, type the following command, substituting the file name that was used in the previous step for xml_file, and then press ENTER:
  adamsync /install server:port .xml_file
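The following PowerShell check is an added example, not part of the original procedure or of Microsoft's tooling: it verifies that the six elements edited in Notepad are filled in and consistent with one another before the file is passed to adamsync /install. The function name is hypothetical, elements are located by name without assuming the file's layout, and fabrikam.com, contoso and syncadmin are constructed sample values.

```powershell
# Added example, not Microsoft's tooling. Elements are located by name only;
# the overall layout of the configuration file is not assumed.
function Test-AdamSyncConf([xml]$Conf) {
    $names = 'source-ad-name', 'source-ad-partition', 'source-ad-account',
             'account-domain', 'target-dn', 'base-dn'
    $v = @{}
    $problems = @()
    foreach ($n in $names) {
        $node = $Conf.SelectSingleNode("//*[local-name()='$n']")
        $v[$n] = if ($null -ne $node) { $node.InnerText.Trim() } else { '' }
        if (-not $v[$n]) { $problems += "<$n> is missing or empty" }
    }
    if ($problems) { return $problems }
    # The DN-valued elements must at least look like attr=value lists.
    foreach ($n in 'source-ad-partition', 'target-dn', 'base-dn') {
        if ($v[$n] -notmatch '^[a-z][\w-]*=[^,]+(,\s*[a-z][\w-]*=[^,]+)*$') {
            $problems += "<$n> is not a distinguished name: $($v[$n])"
        }
    }
    # Normalize for comparison: trim each RDN, lowercase (escaped commas not handled).
    $norm = { param($dn) (($dn -split ',') | ForEach-Object { $_.Trim().ToLower() }) -join ',' }
    $partition = & $norm $v['source-ad-partition']
    $base      = & $norm $v['base-dn']
    # <account-domain> and <source-ad-partition> both name the source domain, so
    # the DNS name must equal the partition's DC components joined by dots.
    $dns = (($partition -split ',') -match '^dc=' -replace '^dc=', '') -join '.'
    if ($v['account-domain'].ToLower() -ne $dns) {
        $problems += "<account-domain> '$($v['account-domain'])' does not match '$dns'"
    }
    # <base-dn> must sit at or below the source partition.
    if ($base -ne $partition -and -not $base.EndsWith(",$partition")) {
        $problems += '<base-dn> is outside <source-ad-partition>'
    }
    return $problems
}

# Constructed sample with placeholder names; <base-dn> is wrong on purpose.
[xml]$sample = @'
<configuration>
  <source-ad-name>dc01.fabrikam.com</source-ad-name>
  <source-ad-partition>DC=fabrikam,DC=com</source-ad-partition>
  <source-ad-account>syncadmin</source-ad-account>
  <account-domain>fabrikam.com</account-domain>
  <target-dn>DC=fabrikam,DC=com</target-dn>
  <base-dn>OU=Staff,DC=contoso,DC=com</base-dn>
</configuration>
'@
Test-AdamSyncConf $sample
```

To check the saved file instead of the sample, pass `[xml](Get-Content xml_file)`; no output means the six values passed these checks.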
After you prepare the AD LDS instance for synchronization, you can perform the following procedure as needed to synchronize data from the specified AD DS forest to the AD LDS instance.
Synchronizing AD DS forest data to an AD LDS instance
To synchronize AD DS forest data to an AD LDS instance
- At a command prompt, type the following command, and then press ENTER:
  adamsync /sync server:port configuration_dn /log
Additional considerations
- To open a command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
- The following table contains the parameters for the preceding procedures and other commonly used adamsync parameters. For more information about adamsync parameters, at a command prompt, type adamsync /?, and then press ENTER.
| Parameter | Description |
| --- | --- |
| /? | Displays command-line options. |
| /i or /install input_file | Installs the configuration that is contained in the specified input file. |
| /sync configuration_dn | Synchronizes the specified configuration. |
| /fs configuration_dn | Performs a full replication synchronization for the specified configuration. |
| /ageall configuration_dn | Performs an aging search for the specified configuration. An aging search determines, by searching for the AD LDS objects in AD DS, if the AD LDS objects in a configuration have been deleted in AD DS. |
| /so configuration_dn object_dn | Performs a replication synchronization for the specified object in the specified configuration. Use the distinguished name of the object. |
- You must have Read or Dirsync access to the objects or partitions in the AD DS forest that you want to synchronize.
- You must have full control of an application directory partition on an AD LDS instance to run this command.