Synchronizing users and groups

Active Directory user and group accounts can be synchronized with the corresponding Person and Group documents in the Domino® Directory.

Synchronizing users facilitates other user synchronization operations, such as user registration and deletion, which can be initiated through the Microsoft Management Console (MMC) or Domino®. Synchronization also enables users to have a common password for Microsoft Windows and for Domino® Web Server access, copies all mapped field values from user or group objects in Active Directory to corresponding documents stored in the Domino® Directory, and it copies member lists of the groups. The synchronization server specified in Notes® Settings is used for all synchronization operations.

Note: When you synchronize an Active Directory with the Domino® Directory, ADSync copies the primary names from the Active Directory to the Domino® Directory. Primary names are copied exactly as they have been entered in the Active Directory. Japanese (double-byte) characters are not supported in the Domino® Directory, but in some cases, they are supported in Active Directory. If you have registered any primary names with Japanese characters in the Active Directory, before synchronizing the directories, rename those primary names using single-byte characters that are supported by the Domino® Directory.

Synchronization is initiated at these times:

  • After the user or group is registered in Domino® from the MMC using ADSync.
  • When one or more users or groups are selected on the results pane of the MMC and the Synchronize with Domino® option is selected from the context menu or the toolbar.
  • When you change any of the properties of the user or group object and confirm your changes by clicking the OK or Apply buttons.

During synchronization, ADSync attempts to match the Active Directory object with an entry in the Domino® Directory. If more than one match is found, ADSync prompts you to specify the match from those that have been located.

The field mappings that are set in the Field Mappings table designate which fields are synchronized during synchronization. System fields that cannot be safely synchronized in two directories are excluded from the Field Mappings table.

If the Set common password check box is checked on the Synchronization Options tab on the ADSync Options dialog box, you are prompted to enter a new password during synchronization. This changes the Windows password as well as the Notes® Internet password for that user.