2

I am setting up an Active Directory Lightweight Directory Service (ADLDS) server to give a partner limited access to our directory without giving them access to the entire Active Directory. Setting up ADLDS looks pretty easy.

What I can't find is information on how to best replicate limited data out of Active Directory into an ADLDS data store. Can this be done with standard AD Replication, or must I use a more invasive technique, such as Microsoft Identity Integration Server?

Ryan Michela

1 Answer

1

MS recommends using ADAMsync to sync data with ADLDS. But in the past ADAMsync has had problems with aging (see KB927053), so I ended up writing a custom script to do the syncing for me.

I have no idea if the aging issues have been fixed with the switch to ADLDS.

Update:

These were written for ADAM but I assume they still apply.

To filter objects you can use an LDAP query in the object-filter field.

Adam
  • I read the ADAMsync documentation. It says it wants the source and destination schemas to match. MS-AdamSyncConf.xml contains a section for attributes, but it is unclear if this lets you sync only selected fields. There also doesn't seem to be any way to select only some records to sync. – Ryan Michela Aug 05 '09 at 17:13
  • Updated with some more info that might help. – Adam Aug 06 '09 at 12:49
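An added illustration of the object-filter approach mentioned in the answer, not taken from the original posts or from Microsoft's documentation: a `<query>` section for MS-AdamSyncConf.xml that limits both which objects and which attributes are synced. The domain, group name and attribute list are constructed placeholders, and the element layout is assumed to match the sample configuration file shipped with the tool, so check it against your own copy.

```xml
<!-- Fragment of MS-AdamSyncConf.xml (query section only).
     All DNs and the group name below are constructed examples. -->
<query>
  <!-- Start the search at the OU that holds partner-visible accounts
       rather than at the domain root. -->
  <base-dn>ou=Staff,dc=example,dc=com</base-dn>

  <!-- LDAP filter selecting which objects are synced: user objects that
       are direct members of one (hypothetical) group.
       "&" must be written as "&amp;" because this is an XML file. -->
  <object-filter>(&amp;(objectCategory=person)(objectClass=user)(memberOf=cn=PartnerVisible,ou=Groups,dc=example,dc=com))</object-filter>

  <!-- Attribute selection: list only the fields the partner needs.
       Assumption: when include entries are present, only those
       attributes are synced; use include or exclude, not both. -->
  <attributes>
    <include>cn</include>
    <include>displayName</include>
    <include>mail</include>
    <include>telephoneNumber</include>
  </attributes>
</query>
```

Running the same filter against Active Directory with an ordinary LDAP search first shows exactly which entries would be exposed before any sync is installed.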