Chat now with support
Chat with Support

Directory Sync Pro for Active Directory 20.11.2 - User Guide

Mail-Enabled and Non-Mail Enabled Users

This page is where you control the characteristics of the objects as they are created in the target.

Options for AD Inter-forest and Intra-Forest Profiles

AS-IS means the objects will be created just as they currently exist in the source. If the account was disabled in Active Directory in the source, it will be disabled in Active Directory when created in the target. If the account was enabled in Active Directory in the source, it will be created as enabled in Active Directory in the target.

You can also choose to Active Directory enable all objects when they are created in the target, no matter their Active Directory account status in the source. Or, just the opposite, you can choose to have all objects created in an account disabled state in the target, no matter their status in the source.

For mail-enabled objects only, there is also the option is to convert all mail-enabled objects into contacts when they are created in the target.

Options for Exchange Inter-forest Profiles

AS-IS means the objects will be created just as they currently exist in the source. If the account was disabled in Active Directory in the source, it will be disabled in Active Directory when created in the target. If the account was enabled in Active Directory in the source, it will be created as enabled in Active Directory in the target.

You can also choose to enable all objects when they are created in the target, no matter their status in the source. Or, just the opposite, you can choose to have all objects created in an account disabled state in the target, no matter their status in the source.

You may also choose to convert all the mail-enabled objects into contacts when they are created in the target.

You would use this profile in conjunction with our Exchange Pro mailbox migration product.

Options for Exchange IntRA-forest Profiles

AS-IS means the objects will be created just as they currently exist in the source. If the account was disabled in Active Directory in the source, it will be disabled in Active Directory when created in the target. If the account was enabled in Active Directory in the source, it will be created as enabled in Active Directory in the target.

Note that All objects created will be Mail-Disabled, no matter what their Active Directory account status.

You can also choose to enable all objects when they are created in the target, no matter their status in the source. Or, just the opposite, you can choose to have all objects created in an account disabled state in the target, no matter their status in the source.

You may also choose to convert all the mail-enabled objects into contacts when they are created in the target.

User Conflicts

How do you want to handle any users conflicts? That is what should happen if (based on your matching criteria) that Directory Sync Pro for Active Directory finds a matching user already in the target? If you choose skip, Directory Sync Pro for Active Directory will not make an association between those objects, and an error will be noted in the log file.

With Update, Directory Sync Pro for Active Directory will consider those items the same. This means that any changes made to the source will update that matched item in the target, if you have set updates to occur. No new object will be created.

With Rename, a new object will be created in the target. You will need to distinguish this from the matched target object by giving it a new name. You can manually add a prefix or suffix of your choice, or, you choose any existing AD attribute to be prepended or appended to the name. Remember that if you choose rename, when you update the object in the source, it will be the Renamed object in the target that gets updated during a synchronization.

User SID History

You have the option to include an object's SID history during the migration. This will help prevent issues with some software, and network shared printers. We suggest this option. Consider however, that in a large enterprise, this might cause the Kerberos token to exceed the max token size for users that belong to many groups. You could mitigate that issue with a GPO that is set to accept larger tokens.

If you do choose to migrate SID History, all Domain Controllers that you have listed in the Target DC's tab will need access to the Domain Controller that holds the PDC Emulator FSMO role in the source.

Groups

Options for AD Profiles

By default, groups will retain their current group scope when they are migrated. You have the option to change that here, so that you can transform a group's scope as it is migrated. For example, if the new target does not have multiple domains, you may choose to convert your Universal Groups into Domain Local groups. Or you can choose not to migrate a particular group scope at all. There are some limitations on changing the scope of nested groups, so you may want to refer to the following TechNet link.

https://technet.microsoft.com/en-us/library/cc755692(v=ws.10).aspx

Options for Exchange Profiles

By default, your mail-enabled groups will retain their current group scope when they are migrated. You have the option to change that here, so that you can transform a group's scope as it is migrated. You can also change the group to a contact, or you can choose not to migrate a particular group scope at all.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating