Skip navigation
(Stipe_Pavicic) Calculating status...
Currently Being Moderated

Active Directory Settings

Jul 3, 2007 5:52 AM

Hello,

did you have any problems synchronizing AD while adding AD to ES Domain Management?

If someone succeeded to synchronize AD is it a problem to post a details about unique identifier and other Directory Users details, so I could compare and get some conclusions..

Thank you!
1055 Views   2 Replies   Latest reply: HowardTreisman, Dec 2, 2007 1:17 AM
 
Replies
  • Currently Being Moderated
    1. (Kim_Laundry),
    Jul 11, 2007 10:29 AM   in reply to (Stipe_Pavicic)
    Report
    Stipe:

    This is a process that requires an understanding of your companys Active Directory schema. I recommend the following procedure:

    1) Set up a session with your Active Directory Administrator

    2) Download and install Softerras LDAP Browser tool (free)

    3) Figure out how to connect it to your Active Directory server.

    4) Determine how your users are organized. You may not want all of your users to be synchronized with LiveCycle.

    5) Construct the fully qualified path to the OU which is one level above the OUs containing all of your users (OUs are hierarchical)

    6) Find yourself in your Active Directory

    7) Also, find a group that you are a member of

    8) Look at your users attributes and then map them, one by one, to the fields presented to you by the LiveCycle LDAP config page. Do the same for groups. Your AD admin can tell you which user attribute is unique (should not change even if you move from IT to Finance!).

    9) Test

    10) Query the EDCPRINCIPALENTITY table with a SELECT COUNT(*) from EDCPRINCIPALENTITY query statement. Note the number of records.

    11) Kick off the synchronization

    12) After about 10 minutes, execute the query again. See if the number roughly matches the total number of users and groups youd expect based on your OU choice. Wait two minutes and try again to make sure that the synchronization has finished.

    13) Check the servers log for any errors. If there are any related to LDAP synchronization, determine the user or group involved and troubleshoot.


    - Jayan
     
    |
    Mark as:
  • HowardTreisman
    Currently Being Moderated
    2. HowardTreisman,
    Dec 2, 2007 1:17 AM   in reply to (Stipe_Pavicic)
    Report
    Another tip is to temporarily set the Log4J threshold to DEBUG - you will see all the synchronization messages in the log.
    Howard
    http://www.avoka.com
     
    |
    Mark as:
Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)