How do you want to handle any group conflicts? That is, what should happen if (based on your matching criteria) that Directory Sync Pro for Active Directory finds a matching group already in the target?
If you choose skip, Directory Sync Pro for Active Directory will not make an association between those objects, and an error will be noted in the log file.
If you choose Merge, Directory Sync Pro for Active Directory will consider those items the same. This means that any members of the source group will be added to the membership list of the target group, if you have set updates to occur. No new object will be created.
With Rename, a new Active Directory group object will be created in the target. You will need to distinguish this from the matched target object by giving it a new name. You can manually add a prefix or suffix of your choice, or, you choose any existing AD attribute to be prepended or appended to the name. Remember that if you choose rename, when you update the object in the source such as adding another member, it will be the Renamed group object in the target that gets updated during a synchronization.
When you migrate a user, you can also have Directory Sync Pro for Active Directory migrate any groups in which they are a directly a member. Just check the Synchronize Accompanying Groups box. If they are member of a group, that is itself a member of another group, you can choose to include the entire nested chain of groups by checking the Include Parent Groups box also.
However, the group objects themselves must also be included within the scope of this profile, or another profile, or this setting will have no immediate effect. If you later fixed the issue by including those particular groups within a profile, the user's membership would then be included automatically at that time.
To avoid this issue, if you plan to use this option, you may want to first make a profile that includes all the groups, and only groups, in the entire domain. You would then run only a push synchronization, to get these items into the SQL database without pulling them into the target. Then this option would always behave as expected.
By default, the Active Directory account status of device is maintained when the object is created in the target. If a device was Active Directory enabled in the source, it will be enabled in the target, and vice-versa. Or, choose enabled, to make all migrated devices immediately Active Directory enabled, no matter what their status was in the source.
Maybe you want to ensure that these devices should not be available until a later time even after the device has been cutover. In that case, you can choose disabled, which will cause all migrated devices to be Active Directory disabled, no matter what the status in the source.
How do you want to handle any device conflicts? That is, what should happen if (based on your matching criteria) that Directory Sync Pro for Active Directory finds a matching device already in the target? If you choose skip, Directory Sync Pro for Active Directory will not make an association between those devices, and an error will be noted in the log file.
If you choose Update, Directory Sync Pro for Active Directory will consider those items the same. This means that any changes to the source device object attributes will be made to the target device, if you have allowed updates to occur. No new object will be created.
With Rename, a new Active Directory device object will be created in the target. You will need to distinguish this from the matched target object by giving it a new name. You can manually add a prefix or suffix of your choice, as long as it does not exceed 20 characters, or, you choose any existing AD attribute to be prepended or appended to the name. Remember that if you choose rename, when you update the device object's attributes in the source, it will be the Renamed device object in the target that gets updated during a synchronization.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center