HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

Some attributes define the same information, but the names of the attributes or their schema
definitions are different. These attributes are mapped between Active Directory and Directory
Server, so that attribute A in one server is treated as attribute B in the other. For synchronization,
many of these attributes relate to Windows-specific information. Table 46 (page 412) shows the
attributes that are mapped between the Directory Server and Windows servers.
For more information on the differences in ways that Directory Server and Active Directory handle
some schema elements, see “Group schema differences between Directory Server and Active
Directory” (page 412).
Table 46 Group entry attribute mapping between Directory Server and Active Directory
Active Directory    Directory Server
name                cn
name                ntGroupDomainID
groupType           ntGroupType
Member [1]          uniqueMember, member
[1] The Member attribute in Active Directory is synchronized to the uniqueMember attribute in Directory Server.
Table 47 Group entry attributes that are the same between Directory Server and Active Directory
o, cn, ou, description, seeAlso, l, mail
9.4.2 Group schema differences between Directory Server and Active Directory
Although Active Directory supports the same basic X.500 object classes as Directory Server, there
are a few incompatibilities of which administrators should be aware.
Nested groups (where a group contains another group as a member) are supported, and Windows
Sync synchronizes them. However, Active Directory imposes certain constraints on the
composition of nested groups. For example, a global group cannot contain a domain local group as a
member. Directory Server has no concept of local and global groups, so it is possible
to create entries on the Directory Server side that violate Active Directory's constraints when
synchronized.
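The nesting constraint described above can be checked on the Directory Server side before entries are synchronized. The following is an added example, not code from the guide or from the product: it assumes that ntGroupType holds the Active Directory groupType value unchanged as a signed 32-bit integer (scope bits 0x2 global, 0x4 domain local, 0x8 universal), and the function names and sample entries are constructed for illustration.

```python
# Added example: flag Directory Server group nesting that Active Directory rejects.
# Assumption: ntGroupType carries the AD groupType value as a signed 32-bit integer.
# AD groupType scope bits: 0x2 global, 0x4 domain local, 0x8 universal.
SCOPE_BITS = {0x2: "global", 0x4: "domain-local", 0x8: "universal"}

def scope(nt_group_type):
    """Decode the group scope from an ntGroupType value; None if no scope bit is set."""
    value = int(nt_group_type) & 0xFFFFFFFF  # security groups are stored as negative numbers
    for bit, name in SCOPE_BITS.items():
        if value & bit:
            return name
    return None

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, no line folding or base64."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, val = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(val.strip())
        entries[attrs["dn"][0].lower()] = attrs  # DNs compared case-insensitively
    return entries

def nesting_violations(entries):
    """Return (parent_dn, member_dn) pairs where a global group holds a domain local group."""
    found = []
    for dn, attrs in entries.items():
        if scope(attrs.get("ntgrouptype", ["0"])[0]) != "global":
            continue
        for member in attrs.get("uniquemember", []):
            child = entries.get(member.lower())
            if child and scope(child.get("ntgrouptype", ["0"])[0]) == "domain-local":
                found.append((dn, member.lower()))
    return found

# Constructed sample entries (not from the guide).
SAMPLE = """\
dn: cn=Engineers,ou=Groups,dc=example,dc=com
objectClass: ntGroup
ntGroupType: -2147483646
uniqueMember: cn=PrinterAdmins,ou=Groups,dc=example,dc=com
uniqueMember: uid=jdoe,ou=People,dc=example,dc=com

dn: cn=PrinterAdmins,ou=Groups,dc=example,dc=com
objectClass: ntGroup
ntGroupType: -2147483644
"""

if __name__ == "__main__":
    for parent, child in nesting_violations(parse_ldif(SAMPLE)):
        print(f"global group {parent} contains domain local group {child}")
```

Members that are not group entries in the input, such as the user DN in the sample, are ignored; only the global-contains-domain-local case named in this section is checked.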
9.4.3 Configuring group sync for Directory Server groups
For Directory Server groups to be synchronized over to Active Directory, the group entries must
have the appropriate sync attributes set.
9.4.3.1 Configuring group sync in the console
1. In the Directory Server Console, select the Directory tab.
2. Right-click the group entry, and click Advanced to open the advanced property editor for the
entry. All the sync-related attributes must be added manually, so only the advanced property
editor can set the attributes.
3. Click the objectClasses field, then click the Add Value button.
4. Select the ntGroup object class.
412 Synchronizing Directory Server with Microsoft Active Directory