Re: AD to ADAM Synchronization with ADAMSync data extraction and redundancy
- From: "Lee Flight" <lef@xxxxxxxxxxxxxxx>
- Date: Wed, 6 Jun 2007 17:55:48 +0100
Hi

inline below...

"Enrico" <nricko@xxxxxxxxx> wrote in message
news:1181087705.938643.229810@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hello,
> I am looking to leverage ADAM as an LDAP read-only query point for AD
> for a 3rd party application server. This 3rd party application server
> is an Anti-Abuse platform that will query a user's email address in AD
> before forwarding an email message to our exchange servers. All
> schema updates will be created and updated on the domain controllers.
> The purpose of implementing ADAM is to prevent the 3rd party
> application from having direct access to AD as well as reduce the traffic
> load on the AD servers (we are not using ADAM for schema extensions or
> development).
> I am attempting to implement 3 ADAM server instances on separate
> machines that are replicating a single configuration set. ADAM servers
> are using ADAMSync to perform a one way replication of all data in AD
> (3 domain controllers are present in environment).
> I followed the installation procedure outlined in the Microsoft ADAM
> step by step guide
> (http://www.microsoft.com/downloads/details.aspx?familyid=5163B97A-7DF3-4B41-954E-0F7C04893E83&displaylang=en)
> to set up my ADAM instance.
> Questions
> 1. Is it possible to only import a particular OU into my ADAM
> application or is my import specifically restricted to classes and
> attributes?
> a. If yes, do you have any reference material that would assist me
> in creating this application partition?

Yes if you set the base-dn of your ADAMsync XML configuration
to the OU in the source AD that will be used as the search base for
sync

> b. If no, can I potentially use the ADAM users, groups, and access
> lists to restrict my 3rd party server's access to a particular OU
> and how might I limit the amount of data being replicated from AD to
> include only user attributes such as email, etc (essentially create
> ldif file to contain only certain classes, attributes, and property
> sets)

You can restrict the attributes that sync by using the include element
of the ADAMsync XML configuration, see:
http://blogs.technet.com/efleis/archive/2005/09/15/synchronizing-only-the-attributes-you-really-want.aspx

> 2. Do you have any suggestions regarding how I could implement AD to
> ADAM synchronization using ADAMSync with redundant AD and ADAM
> servers?
> a. After setting up replication initially with one domain
> controller, how do I ensure that replication will continue in the
> event that the primary domain controller specified has failed?

For the source-ad-name element of your ADAMsync XML configuration
use the domain name rather than a specific DC name and ADAMsync
will use DC Locator mechanism to find an available DC.

> b. Can I input multiple source Domain controllers in my
> MS-AdamSyncConf.xml file?

No need, see answer above.

> c. Are these MS-AdamSyncConf.xml file values used by all ADAM
> servers that are set up as replication partners (in case of primary
> ADAM server failure)?

The configuration attribute that has the ADAMsync configuration in it
is an attribute on the application NC head in ADAM and so is replicated to
all members of the config set for that NC.
You would need to run the sync job from another box independent of the
ADAM servers, with some logic to determine which server was active,
in order to be resilient.

> 3. Is ADAM and ADAM synch a good solution for what I am trying to
> implement or do you recommend that I use additional 3rd party sync
> tools (such as MIIS) with ADAM or a new tool entirely?

Sounds workable. You will need to check deprovisioning, i.e. what happens
when AD source objects are removed from the OU in AD. Also, what should happen
if the AD user account is disabled; does your application care?
Your application sounds rather like the Exchange 2007 Edge Server role:
http://technet.microsoft.com/en-us/library/cfff9f59-afac-447c-8297-afcebe49a52d.aspx

Lee Flight
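
Added example, not part of the original post or of Microsoft's tooling: a Python check of an ADAMSync configuration against the three points in the reply above (base-dn scoped to an OU, an include list limiting the synced attributes, source-ad-name set to the domain rather than one DC). The doc/configuration/query/attributes nesting and the source-ad-partition element are assumed from the stock MS-AdamSyncConf.xml layout; `audit` and `dns_name` are hypothetical helper names, and the domain, OU and attribute names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element nesting assumed from the stock MS-AdamSyncConf.xml.
SAMPLE = """<doc>
 <configuration>
  <source-ad-name>dc01.corp.example</source-ad-name>
  <source-ad-partition>dc=corp,dc=example</source-ad-partition>
  <query>
   <base-dn>dc=corp,dc=example</base-dn>
   <attributes>
    <include></include>
    <exclude>extensionName</exclude>
   </attributes>
  </query>
 </configuration>
</doc>"""

def dns_name(partition_dn):
    """dc=corp,dc=example -> corp.example"""
    parts = [p.split("=", 1) for p in partition_dn.split(",") if "=" in p]
    return ".".join(v.strip().lower() for k, v in parts if k.strip().lower() == "dc")

def audit(xml_text, allowed_attrs):
    """Return a list of findings for an ADAMSync configuration document."""
    cfg = ET.fromstring(xml_text).find("configuration")
    text = lambda path: (cfg.findtext(path) or "").strip()
    findings = []
    # Scope: base-dn should be an OU below the partition, not the partition root.
    base, partition = text("query/base-dn"), text("source-ad-partition")
    if base.lower() == partition.lower() or not base.lower().startswith("ou="):
        findings.append("base-dn is not scoped to an OU: " + base)
    # Attributes: without include entries the sync is not limited to an allow-list.
    included = [e.text.strip() for e in cfg.findall("query/attributes/include")
                if e.text and e.text.strip()]
    if not included:
        findings.append("no <include> entries: attributes not limited to an allow-list")
    extra = sorted(set(a.lower() for a in included) - set(a.lower() for a in allowed_attrs))
    if extra:
        findings.append("attributes outside allow-list: " + ", ".join(extra))
    # Resilience: source-ad-name should be the domain so DC Locator picks a DC.
    source = text("source-ad-name").lower()
    if source != dns_name(partition):
        findings.append("source-ad-name does not match the partition's domain: " + source)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"mail", "proxyAddresses", "objectClass"}):
        print("FINDING:", finding)
```
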