Sync Windows SBS 2003 Server AD to Windows XP SP2 ADAM instance

Discussion in 'Active Directory' started by Erwin Bauwens, Apr 20, 2007.

  1. (I hope that Lee Flight will read this message and reply to it :) )

    Hi, I'm reading the very very VERY good book of Joe Kaplan & Ryan Dunn,
    but at a certain point, you - well, I - just WANT to start playing with
    AD (ADAM in my case) instead of just reading.
    I'm fairly new to LDAP and AD/AM, but want to use it more, because I can
    see the enormous advantages of it for intranet/extranet applications
    (that's what I do).
    Anyway, I wanted to have a real life test environment on my Windows XP
    SP2 box, so I decided to sync an existing AD to a local ADAM instance.

    First, the environment.
    The AD is on a small Windows 2003 SBS server. That means it is the
    domain controller, but the Exchange server as well (is this relevant?)
    I connect to the server via a VPN connection, so it is as if I'm on the
    network (however, my machine is not in the domain). On both systems I
    have Administrator rights.

    I followed the ADAMSync instructions described in
    http://technet2.microsoft.com/Windo...cc99-4e7e-a80d-e77c5aefb3211033.mspx?mfr=true
    (however the instructions contain a few bugs and gotchas!), and the
    results are fairly good, in that sense that there are no error reports,
    that there are lots of things going on when the commands are running,
    and that the ADAM instance seems to have some schema elements
    replicated. (But by no means ALL schema elements !)

    In any case, two groups that I would be interested in, namely Computers
    and Users, are NOT sync'd, and they do NOT appear in the ldap tree.
    (well, to be totally clear, the groups DO appear, but they are not
    populated, i.e. "no children")

    I tried 2 methods :
    - to get the schema with the MS-AdamSchemaW2K3.LDF file
    - to get the schema with the AdamSchemaAnalyzer (using the Windows SBS
    AD as source), put in a ldf file and import that into the ADAM instance

    Results from both methods are fairly the same : some schema elements,
    some groups, but no populations.

    Can you shed some light on this?

    Thanks !
    Erwin
     
    Erwin Bauwens, Apr 20, 2007
    #1

  2. Erwin Bauwens

    Lee Flight Guest

    Hi

    to sync the schema, ADSchemaAnalyzer is the way to go as that
    will account for any schema extensions (including Exchange).
    When you have loaded your target and base schemas into
    ADSchemaAnalyzer then, on the Schema menu, ensure that you
    "Mark all non-present elements as included"
    before creating the LDIF file; this should give you the entire
    source schema to load into your ADAM instance.

    Domain membership for your ADAM instance is not an issue
    for the sync as you can specify a domain account for ADAMSync
    to use. Visibility of objects in AD will be subject to access control
    for the account that you are using.

    With your schema in sync you can try a sync of your application
    naming context. If you find some objects are not syncing
    then run the
    adamsync /sync
    with the /log option to get the full details.

    Lee Flight
     
    Lee Flight, Apr 20, 2007
    #2

  3. Erwin Bauwens

    Erwin Guest

    Thanks for your reply, Lee.

    In fact, I did everything right! The only thing that was wrong was
    that I had created my own directory partition ("O=ODS,C=BE"), which I
    used in the config file while I should have used the directory partition
    of the AD!
    In hindsight, that's obvious!
    But I find it a little pity that you can't sync an AD to a new
    directory partition, or can you?
    In any case, now I have a working testing environment, so I can party on
    with Joe's and Ryan's excellent book !

    Thanks again for your input !

    Erwin
     
    Erwin, Apr 20, 2007
    #3
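
The partition mix-up described in post #3 can be caught before running adamsync by checking the config file against the source AD's naming contexts. The following is an added example, not code from the thread or from Microsoft. It assumes the element names of Microsoft's sample MS-AdamSyncConf.xml, that the ADAM-only DN was entered in the source-side settings, and a constructed host name and naming-context list.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the mistake from the thread, with an ADAM-only
# partition used where the source AD's partition belongs.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<doc>
 <configuration>
  <source-ad-name>sbs01.example.local</source-ad-name>
  <source-ad-partition>O=ODS,C=BE</source-ad-partition>
  <query>
   <base-dn>O=ODS,C=BE</base-dn>
   <object-filter>(objectClass=*)</object-filter>
  </query>
 </configuration>
</doc>"""

# Constructed sample: namingContexts as read from the source AD's rootDSE.
SOURCE_NAMING_CONTEXTS = [
    "DC=example,DC=local",
    "CN=Configuration,DC=example,DC=local",
    "CN=Schema,CN=Configuration,DC=example,DC=local",
]

def rdns(dn):
    """Split a DN on unescaped commas and normalise case and spacing."""
    parts = re.split(r"(?<!\\),", dn)
    return ["=".join(p.strip().lower() for p in part.split("=", 1)) for part in parts]

def is_under(dn, base):
    """True when dn equals base or is a descendant of it."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def check_config(xml_text, naming_contexts):
    """Return a list of problems found in the source partition settings."""
    cfg = ET.fromstring(xml_text).find("configuration")
    src = cfg.findtext("source-ad-partition", "").strip()
    base = cfg.findtext("query/base-dn", "").strip()
    problems = []
    if not any(rdns(src) == rdns(nc) for nc in naming_contexts):
        problems.append(f"source-ad-partition {src!r} is not a naming context of the source AD")
    if not is_under(base, src):
        problems.append(f"base-dn {base!r} is not inside source-ad-partition {src!r}")
    return problems

if __name__ == "__main__":
    for line in check_config(SAMPLE_CONFIG, SOURCE_NAMING_CONTEXTS) or ["partition settings look consistent"]:
        print(line)
```
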
  4. Erwin Bauwens

    Erwin Guest

    Erwin, Apr 23, 2007
    #4