HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

Three schema elements are required for synchronization:
• The ntUser object class
• The ntUserDomainID attribute, to give the Windows ID
• The ntUserCreateNewAccount attribute, to signal to the synchronization plug-in to synchronize the Directory Server entry over to Active Directory
For example:
ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com
dn: uid=scarter, ou=People, dc=example,dc=com
changetype: modify
add: objectClass
objectClass:ntuser
-
add: ntUserDomainId
ntUserDomainId: Sam Carter
-
add: ntUserCreateNewAccount
ntUserCreateNewAccount: true
-
add: ntUserDeleteAccount
ntUserDeleteAccount: true
Many additional Windows and user attributes can be added to the entry. All of the synchronized
schema is listed in “User attributes synchronized between Directory Server and Active
Directory” (page 405). Windows-specific attributes, which belong to the ntUser object class, are
described in more detail in the HP-UX Directory Server schema reference.
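The following added example is not part of the guide or of HP-UX Directory Server. It checks an LDIF export for the three schema elements listed above before entries are synchronized to Active Directory. It also flags ntUserDeleteAccount: true for review, because that setting lets the deletion of a Directory Server entry remove the matching Windows account. The function names, the jdoe entry and the inetOrgPerson object class in the sample are assumptions made for illustration.

```python
# Added example, not from the guide. Base64 ("attr::") values are not decoded.
# Constructed sample: scarter is the guide's entry, jdoe is hypothetical.
SAMPLE = """\
dn: uid=scarter,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: ntuser
ntUserDomainId: Sam Carter
ntUserCreateNewAccount: true
ntUserDeleteAccount: true

dn: uid=jdoe,ou=People,dc=example,
 dc=com
objectClass: inetOrgPerson
ntUserDomainId: jdoe
"""

def parse_ldif(text):
    """Return entries as {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            entries.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return [e for e in entries if e]

def audit(entries):
    """Map each DN to its findings; an empty list means nothing to fix."""
    report = {}
    for e in entries:
        low = {a: [x.lower() for x in v] for a, v in e.items()}
        checks = [
            ("ntuser" in low.get("objectclass", []), "missing objectClass ntUser"),
            (bool(low.get("ntuserdomainid")), "missing ntUserDomainId"),
            ("true" in low.get("ntusercreatenewaccount", []), "ntUserCreateNewAccount not true"),
            ("true" not in low.get("ntuserdeleteaccount", []), "review: ntUserDeleteAccount is true"),
        ]
        report[e.get("dn", ["<no dn>"])[0]] = [msg for ok, msg in checks if not ok]
    return report

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE)))
```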
9.3.4 Configuring user sync for Active Directory users
Synchronization for Windows users (users that originate in the Active Directory domain) is configured
in the sync agreement.
9.3.4.1 Configuring user sync in the console
1. Open the Configuration tab and expand the Replication folder.
2. Open the appropriate database, and select the sync agreement.