HOW TO: Configure Two-Way Account Synchronization with Microsoft Directory Synchronization Services (316226)


The information in this article applies to:

  • Microsoft Windows 2000 Server
This article was previously published under Q316226

IN THIS TASK

SUMMARY

This step-by-step article describes how to use Microsoft Directory Synchronization Services (MSDSS) to synchronize user accounts between a NetWare Directory Services (NDS) tree and Active Directory. After you complete this task, user account information is duplicated in both the NDS tree and Active Directory, and users are able to use a single user account and password to log on to both NDS and Active Directory.

back to the top

Requirements

  • A computer (that meets the requirements that are listed on the Hardware Compatibility List) on which Windows 2000 Server, Active Directory, the Novell client for Windows 2000, and MSDSS are installed. Note that Gateway Services for NetWare does not work with MSDSS.
  • A computer on which NetWare server software and NDS is installed.
back to the top

Configuring Two-Way Account Synchronization with Microsoft Directory Synchronization Services

To configure account synchronization, you must be a member of the Enterprise Administrators group in Active Directory, and have supervisor rights to the root of the NDS tree.

To configure two-way account synchronization:
  1. Click Start, point to Programs, point to Administrative Tools (Common), and then click Directory Synchronization.
  2. In the MSDSS dialog box, right-click MSDSS in the left pane, and then click New Session.
  3. In the New Session Wizard, click Next. In the Synchronization and Migration Tasks page, click Novell Directory Services (NDS) in the Select NDS or Bindery box. Click the Two-way synchronization (from Active Directory to NDS and back) option, and then click Next.
  4. In the Active Directory Container and Domain Controller page, click Browse. In the Select an Active Directory Container dialog box, click the container you want to synchronize with NDS.

    NOTE: If you want to synchronize the entire domain, click the domain.

    Click OK. If you want to connect to a different domain controller other than the default one that is specified, click Find, click the domain controller to which you want to connect in the Find a Domain Controller dialog box, and then click OK. Click Next.
  5. In the NDS Container and Password page, click Browse. In the Browse for NDS Container dialog box, browse for the NDS container with which you want to synchronize. Click OK. In the User name box, type the user name of the administrative account for the NDS tree, for example, admin.ms. In the Password box, type the password for the administrative account. Click Next.
  6. The Initial Reverse Synchronization page is displayed. If you do not want to complete an initial reverse synchronization (from NDS to Active Directory), click the Do not perform an initial reverse synchronization option. Click Password Options. In the Password Synchronization Options dialog box, click one of the four password-synchronization options, and then click OK. Click Next.
  7. The Object Mapping Scheme page is displayed.

    If you use the same hierarchical structure in NDS and Active directory, click the Default option.

    • If the directory structures are different in Active Directory and NDS, click the Custom option, and then click Object Mapping Table. In the Custom Object Mapping dialog box, click Add to map individual NDS object with individual Active Directory objects, or to Map NDS organizational units to Active Directory organizational units. When you are finished mapping objects and organizational units , click OK.
    • If you do not want to synchronize all objects, click Filters. In the Synchronization filters dialog box, click to clear the check boxes that are next to the types of objects that you do not want to synchronize. If you want to exclude the administrative account for Active Directory or the administrative account for NDS, click Browse AD or Browse NDS to add the filter. When you are finished configuring filters, click OK.

    Click Next.
  8. In the Session Name page, type a name for the synchronization session in the Session Name box, and then click Next.
  9. In the Completing the New Session Wizard page, click Finish. In the Synchronize dialog box, click OK. Quit MSDSS.
This completes the two-way Synchronization of Active Directory and NDS by using MSDSS on your Windows 2000 Server computer.

back to the top

REFERENCES

For more information about how to install and configure interoperability with other operating systems from your Windows 2000 Server-based computer, see module 16 in Microsoft Official Curriculum, Course Number 2153, Implementing a Microsoft Windows 2000 Network Infrastructure.

back to the top
Modification Type:MajorLast Reviewed:10/3/2003
Keywords:kbenv kbhowto kbHOWTOmaster KB316226 kbAudITPro
©2003 Microsoft Corporation. All rights reserved.