Synchronize with Active Directory Domain Services

Applies To: Windows Server 2008

Synchronizing data from an Active Directory Domain Services (AD DS) forest to the configuration set of an Active Directory Lightweight Directory Services (AD LDS) instance requires two steps:

  1. Prepare the AD LDS instance for synchronization.

  2. Synchronize the data.

Typically, you perform the first step only once. You perform the second step whenever you want to update the AD LDS instance.

Membership in the Administrators group of the AD LDS instance is the minimum required to complete this procedure. By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition. For more information about AD LDS groups, see Understanding AD LDS Users and Groups.

Preparing an AD LDS instance for synchronization

To prepare an AD LDS instance for synchronization

  1. Open a command prompt.

  2. At the command prompt, type the following command, and then press ENTER:

    cd %windir%\adam

  3. Do one of the following:

    • To prepare to synchronize an AD LDS instance with a Windows Server 2003 forest, type the following command, and then press ENTER:

      ldifde -i -u -f ms-adamschemaw2k3.ldf -s server:port -b user_name domain password -j . -c "cn=Configuration,dc=X" #configurationNamingContext

    • To prepare to synchronize an AD LDS instance with a Windows Server 2008 forest, type the following command, and then press ENTER:

      ldifde -i -u -f ms-adamschemaw2k8.ldf -s server:port -b user_name domain password -j . -c "cn=Configuration,dc=X" #configurationNamingContext

Important

You must include the period (.) between -j and -c.

  4. Type the following command, and then press ENTER:

    ldifde -i -s server:port -c CN=Configuration,DC=X #ConfigurationNamingContext -f MS-AdamSyncMetadata.ldf

  5. Type the following command, and then press ENTER:

    notepad MS-AdamSyncConf.xml

  6. In Notepad, make the following changes to the contents of the configuration file:

    • Replace the value of <source-ad-name> with the name of the source AD DS domain controller.

    • Replace the value of <source-ad-partition> with the distinguished name of the source domain.

    • Replace the value of <source-ad-account> with the name of an account in the Domain Admins group of the source domain.

    • Replace the value of <account-domain> with the fully qualified Domain Name System (DNS) name of the source domain.

    • Replace the value of <target-dn> with the name of the partition of the target AD LDS instance.

Note

If you are preparing to synchronize an AD LDS instance on a computer running Windows Server 2008, you must specify a naming context head as the value for <target-dn>. If you do not specify a naming context head as the distinguished name of the target AD LDS instance in the configuration file, the following error message appears when you attempt to run adamsync in the next step: "The target partition given was not the head of a partition. AdamSync cannot continue."

    • Replace the value of <base-dn> with the base distinguished name of the source domain.

  7. In Notepad, on the File menu, click Save As, type a new name for the file, click Save, and then close Notepad.

  8. At the command prompt, type the following command, substituting the file name that was used in the previous step for xml_file, and then press ENTER:

    adamsync /install server:port .\xml_file
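
The Notepad edits and the Save As step can also be scripted, with the naming-context check from the Note run before adamsync is called. The following PowerShell script is an added example, not part of the original procedure: the instance address, host name, account, DNs and output file name are constructed placeholders, and it assumes that the template's elements are not namespaced and that the current user can bind to the AD LDS instance.

```powershell
# Added example: fill in a copy of MS-AdamSyncConf.xml and verify <target-dn>
# before running adamsync /install. All default values are constructed placeholders.
param(
    [string]$Instance = 'localhost:50000',                        # AD LDS server:port
    [string]$Template = "$env:windir\adam\MS-AdamSyncConf.xml",   # file shipped with AD LDS
    [string]$OutFile  = "$env:windir\adam\AdamSync-example.xml",  # new name (Save As)
    [hashtable]$Values = @{
        'source-ad-name'      = 'dc01.example.com'    # source AD DS domain controller
        'source-ad-partition' = 'DC=example,DC=com'   # DN of the source domain
        'source-ad-account'   = 'syncadmin'           # account used to read AD DS
        'account-domain'      = 'example.com'         # FQDN of the source domain
        'target-dn'           = 'DC=example,DC=com'   # partition of the AD LDS instance
        'base-dn'             = 'DC=example,DC=com'   # base DN of the source domain
    }
)

# Ask the AD LDS instance which partitions it hosts (rootDSE namingContexts).
$rootDse  = [ADSI]"LDAP://$Instance/RootDSE"
$contexts = @($rootDse.Properties['namingContexts'] | ForEach-Object { [string]$_ })
if ($contexts.Count -eq 0) {
    throw "Could not read namingContexts from $Instance"
}

# <target-dn> must be a naming context head, otherwise adamsync stops with
# "The target partition given was not the head of a partition."
# The comparison is a case-insensitive string match, so write the DN exactly
# as the instance reports it (no extra spaces after commas).
if ($contexts -notcontains $Values['target-dn']) {
    throw "target-dn '$($Values['target-dn'])' is not a partition head. Hosted: $($contexts -join '; ')"
}

# Load the template and replace each element's value by name.
$conf = New-Object System.Xml.XmlDocument
$conf.Load($Template)
foreach ($name in $Values.Keys) {
    $node = $conf.SelectSingleNode("//$name")
    if ($null -eq $node) { throw "Element <$name> not found in $Template" }
    $node.InnerText = $Values[$name]
}

# Save under a new name so the shipped template stays unchanged.
$conf.Save($OutFile)
Write-Output "Configuration written. Next: adamsync /install $Instance $OutFile"
```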

After you prepare the AD LDS instance for synchronization, you can perform the following procedure as needed to synchronize data from the specified AD DS forest to the AD LDS instance.

Synchronizing AD DS forest data to an AD LDS instance

To synchronize AD DS forest data to an AD LDS instance

  • At a command prompt, type the following command, and then press ENTER:

    adamsync /sync server:port configuration_dn /log

Additional considerations

  • To open a command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

  • The following table contains the parameters for the preceding procedures and other commonly used adamsync parameters. For more information about adamsync parameters, at a command prompt, type adamsync /?, and then press ENTER.

    | Parameter | Description |
    | --- | --- |
    | /? | Displays command-line options. |
    | /i or /install input_file | Installs the configuration that is contained in the specified input file. |
    | /sync configuration_dn | Synchronizes the specified configuration. |
    | /fs configuration_dn | Performs a full replication synchronization for the specified configuration. |
    | /ageall configuration_dn | Performs an aging search for the specified configuration. An aging search determines, by searching for the AD LDS objects in AD DS, whether the AD LDS objects in a configuration have been deleted in AD DS. |
    | /so configuration_dn object_dn | Performs a replication synchronization for the specified object in the specified configuration. Use the distinguished name of the object. |

  • You must have Read or Dirsync access to the objects or partitions in the AD DS forest that you want to synchronize.

  • You must have full control of an application directory partition on an AD LDS instance to run this command.
