Tag: Directory Assistance

HCL Domino V11 – Directory Synchronzation – Part 3

After you have created a Directory Assistance document in part 2 of this tutorial, that is enabled for Directory Sync, create a Directory Sync Configuration document in the Domino® directory. You use this document to select Directory Sync configuration options and then to enable Directory Sync.

Open your Domino Directory (names.nsf) and navigate to Configuration > Directory > Directory Sync .

Click “Add Directory Sync” to create a new document.

Select a Directory Assistance Domain from the list of configurations in da.nsf.

For an initial sync of all users and/or groups from the selected Active Directory set “Sync all Active Directory users” to Yes.
Select No (default) to sync only Active Directory users who are registered in Domino. If previously set to Yes, any unregistered Active Directory users
synced previously are removed from the Domino directory.
For an Active Directory record to sync with Domino, the Active Directory mail field must match theInternet address field in the Domino directory Person document.

Type in the name of the application that is the target for synchronized users and/or groups into the “Domino Directory file name” field. Typically, this is your primary address book (names.nsf)

As you can see, the “Direction” field is not editable by now. At the moment, only a sync from Active Directory is possible.

One of DirSync’s abilities is to rename synced users in the target Domino directory when the when the users’ common name changes in Active Directory.

If the name of an Active Directory user who is not registered in Domino® changes, the name is automatically updated in the Domino® directory Person document during sync, regardless of this option.
If the user is already registered, a standard administration process Rename Person request is initiated for each name processed.

The Sync frequency settings tells DirSync how frequently the Dirsync task checks for Active Directory changes to synchronize. Default is once a minute.
Resync frequency tells DirSync how often to resync all data from Active Directory, in minutes. Default is 10,000 minutes or approximately once a week. If you don’t want to regularly resync all data, specify 0 ( not recommended).

If you want to synchronize groups, select the types of groups to synchronize. If you don’t want to synchronize groups, do not select either option on the “Synchronization” tab of the DirSync configuration document.

Keep in mind that the groups to be synced must be in the global group scope. If you try to sync local groups, you will receive an error on the Domino server console.

DirSync  DirSync  CSyncFromAD::DoModify - Skipping modification because entry = 'CN=Users,CN=Builtin,DC=ad,DC=fritz,DC=box' is not a valid candidate for a 'group' record.

If you only want to sync a subset of all objects under the configured BaseDN, use an LDAp filter.

After you finished your configuration, save and close the document.

Select the saved configuration in the view, click Enable and select Sychronize Data. Select Run in test mode to simulate the actions that Directory Sync would take but without changing any Domino® data.

If not already done, add the DirSync task to the server’s notes.ini

ServerTasks=Replica,Router,Update,AMgr,Adminp,Sched,CalConn,RnRMgr,Dirsync

and issue the following command on the server console: load DirSync.

DirSync will be started automatically on next server restart.

The Dirsync task begins to run when it detects the configuration document and you should now see an entry similar to this on the server console.

[1BE0:0004-1D10] 19.01.2020 15:34:09   DIRSYNC From Active Directory (AD) - Summary (0.128 sec, Start=210711, Adds=0, Modifies=0, Deletes=0, Skips=0, Errors=0, End=234710)

Look at the Status tab of the Directory Sync Configuration document in the Domino® directory in addition to monitoring the output of Dirsync at the server console and in log.nsf.

Congratulation, you have successfully configured DirSync synchronization.
In the next part we will dig deeper into DirSync features and abilities.


HCL Domino V11 – Directory Synchronzation – Part 2

In part 1 we covered the basic concept of DirSync. In this part, I will explain, how to setup and configure directory assistance.

The first step to configure DirSync is creating a DirSync-enabled directory assistance document in the directory assistance database.

If not already done. To configure directory assistance, you create a directory assistance database from the template DA.NTF, and replicate it to the servers that will use it. A server must have a local replica of a directory assistance database to use directory assistance. Then you add the database file name to the directory assistance database name field in the Domino® Directory Server documents of these servers.

For details about how to setup directory assistance refer to “Directory Assistance” in the HCL Domino Administration Help database.

If you are using an existing directory assistance database, replace its design with the da.ntf template provided with Domino® V11 .

Check the application properties.

Look at the template name in the inherit design from master template section. Hmm, seems to be wrong, isn’t it.

I opened a case with HCL support and got the following reply

I would like to inform you that i have checked the DA.ntf template on Domino Version 9.0.1 & 10.0.1.

On both the version it is showing the same name. I also found an enhancement request to change the DA.ntf template name which has been documented in SPR# CTOE8JRPTC.

So the template name of the DA.nft is not wrong it is as per the design.

Click on “Add Directory Assistance” to create a new document in da.nsf

On the “Basics” tab set select “LDAP” as Domain type and set “Make this domain available to” to “Directory Sync“.
Do not select Notes clients and Internet Authentication/Authorization or LDAP Clients unless you are also using the LDAP directory for these
purposes.

On the LDAP tab enter the hostname of your Active Directory and provide (optional) credentials to connect to that instance.

Click Verify to verify that the user name and password you entered is valid on each host name and to asure that the search base is accessible on each host name using the configured credentials.

Use the Suggest button to look up the host names of LDAP servers listed in your DNS and to search each host name for likely search bases.

Each server process that provides directory services and detects a local directory assistance database configuration loads directory information configured in the directory assistance database into an internal memory table.

During server startup and thereafter at five-minute intervals each server process checks for changes to the directory assistance database configuration and if found, each process reloads its internal memory table to reflect the changes.e the document.

From the server console of the Domino® administration server, run the sh xdir command to confirm that the DirSync configuration in the Directory Assistance document is set up correctly.

You should get a console output similar to this:

You have now completed the first step in configurating DirSync. Part 3 of this tutorial will explain, how to create DirSync Configuration documents.