This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


~Sean Ekkromarlen
Apr 8, 2015, 1:09 PM
5 Posts

AD - Domino synchronization...........

  • Category: Domino Server
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 10

Hi ALL,

I have installed Active directory and Domino server in different windows 2008 64 bit VMs, Now i am trying to sync these two domino server and Active directory by using ADsync tool.

* Admin client is also installed in Active directory VM.

As per the articles i went to command prompt and typed "Reg32 nadsync.dll", it shows succeded but i am not able to find the domino users icon under active directory users and groups.

Please help me in this...

In my previous post some experts gave me suggestions to use TDI, but in our environment our requirement is to do sync with ADsync tool.

Please tell me the process or send me if any documentation available

~Tip Ekresaman
Apr 8, 2015, 1:48 PM
212 Posts
Map Active Directory fields to Domino Directory

Mapping Active Directory fields and groups with Domino Directory fields and groups

Use the Field Mappings tab and the Group Mappings tab on the Lotus ADSync Options dialog box to map specific Active Directory fields and groups to IBM® Lotus® Domino® Person and Group document fields. Person and Group documents are stored in the Domino Directory. Mapping is different for the two Field Mapping object classes, "User" and "Group."

You can modify any of the initial mappings, create mappings, or create IBM® Lotus® Notes® field names. When an Active Directory object is created or is synchronized with Notes, all field values in the mapped Active Directory object are copied to corresponding fields in the Person or Group document in the Domino Directory. If necessary, fields are created in the Person or Group document and existing field values are overwritten. This is one-way synchronization. No changes are made to the Active Directory object.

Field Mappings in ADSync, unlike other settings, are different for each Active Directory domain.

To create group mappings

In Active Directory

In Domino Directory

Security

Click to assign a group type when registering security groups in Notes. Choose one:

  • Multi-purpose -- Use for a group that has multiple purposes, for example, mail and ACLs.
  • Mail only -- Use for mailing list groups.
  • Access Control List only -- Use for server and database access authentication only.
  • Deny List only -- Use to control access to servers. Deny List only is typically used to prevent terminated employees from accessing servers, but this type of group can be used to prevent any user from accessing particular servers. The Administration Process cannot delete any member from this group.

Distribution

Click to assign a group type when registering distribution groups in Notes. Choose one:

  • Multi-purpose -- Use for a group that has multiple purposes -- for example, mail and ACLs.
  • Mail only -- Use for mailing list groups.
  • Access Control List only -- Use for server and database access authentication only.
  • Deny List only -- Use to control access to servers. Deny List only is typically used to prevent terminated employees from accessing servers, but this type of group can be used to prevent any user from accessing particular servers. The Administration Process cannot delete any member from this group.
  1. From the MMC, choose Domino Directory Synchronization.
  2. Click Group Mappings.
  3. Complete these mappings as necessary, and then click Apply and OK.

To create field mappings

  1. From the MMC, choose Domino Directory Synchronization.
  2. To create field mappings, click Field Mappings.
  3. Choose either User or Group in the "Field mappings for Object class" field.
  4. Scroll through the In Active Directory list until you locate the Active Directory field that you are mapping to a Domino Directory field.
  5. Right-click the corresponding In Domino Directory field (it may appear blank). An editable field appears. Enter the field name or select one from the list.
  6. Continue this process until you have mapped as many fields as needed.
  7. Click Apply and OK.

To allow the new fields to display in the dialog box, close and then restart the Microsoft Management Console. The new fields appear.

~Bella Frofanalyetsi
Apr 10, 2015, 2:24 PM
32 Posts
Be careful of the 32 bit limitation

Hi,

If you are trying to sync Changes from AD to Domino Server then you cannot have ADSync functional from the AD server if it's 64 bit. It didn't work with me.

what we did is that we created a windows 7 32 bit machine with the Remote Server Administration Tools, installed the Admin Client there and conducted the sync from that machine.

Good Luck
Samer

~Bella Frofanalyetsi
Apr 12, 2015, 9:42 AM
32 Posts
We have tried it on Windows 2008 R2 64 bit with Fp2

Chad,

We have tried it on the domino server (windows 2008 R2 64 bit) itself with 9.0.1 fp2, probably IBM fixed it with windows 7 64 bit and not on the 64 bit server.

However, the use of server operating systems with Domino Administrator clients is not a supported configuration

the link that you have supplied doesn't mention 64 bit support, do you have any insight on this? if there is a workaround for the 64 bit server support, this will be a nice thing IBM have done, as we were going to install IBM Directory Integrator, previously known as TDI, the same one satish mentioned in his post. TDI is a hustle as we need to install a new module that requires training and additional configuration.

Thanks,

Samer

~Dexter Deswechekynds
Apr 13, 2015, 2:15 PM
191 Posts
A few things
The Technote is being update to include information about the specific fix version (9.0.1 FP2) and the bitness it relates to (64-bit).

I'm not aware of any distinction between different Windows 64-bit operating systems for this fix, but testing was done on Windows 7. As you mentioned, it is not strictly supported on server operating systems and is not test there. Do you actually have Notes installed on the server system, or did you just try to register the DLL? You'd want Notes installed there, even though that's not a recommended configuration.

TDI is a much better way to go for enterprise-grade integration of Active Directory and ADSync. ADSync has a number of limitations.
~Bella Frofanalyetsi
Apr 17, 2015, 1:09 PM
32 Posts
Administrator installed on windows AD server and Domino Server

Hi Chad,

In my case, I have both Domino administrator installed on my Server and on the AD.

On the Domino server, we have failed to register the dll and same case on the AD machine, which has the Domino Administrator installed. The AD server is a windows 2008 R2 64 bit server. The below errors occurred. we have tried it on different machines and same behavior occurs.

Note that TDI has more features than AD Sync, but also has limitations in OU sync if more than 1 OU levels are implemented.

 

Thank you,

Samer

 

~Dexter Deswechekynds
Apr 17, 2015, 1:50 PM
191 Posts
Also
What limitation are you referring to with TDI? That doesn't sound right.

This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal