Source and Destination

Use this dialog box to identify the Windows synchronization peer with which you will synchronize directory entries. It also lets you choose whether the connection uses SSL and which content is synchronized.

Supplier. This field contains a static display of the name and port number of the Directory Server in this agreement.

Windows Domain Information

Windows Domain Name. This is the name of the Windows domain that contains the Windows subtree which you are synchronizing with the Directory Server subtree. For example: example.com

Sync New Windows Users. Check this checkbox if you want to add new Windows users automatically to the Directory Server.

Sync New Windows Groups. Check this checkbox if you want to add new Windows groups automatically to the Directory Server.

Windows Subtree. This is the Windows subtree that you are synchronizing with the Directory Server subtree. If the subtree you are synchronizing is ou=People, then the Windows subtree is set by default to cn=Users, and the remaining information is supplied by the Windows domain information.

DS Subtree. The Directory Server subtree that is synchronized. This is set by default depending on the database that you have selected in the agreement.

Domain Controller Host. This is the hostname of the domain controller in the Windows domain you wish to use for sync operations. This name must be resolvable and, if TLS/SSL (StartTLS or LDAPS) is being used, must match the CN of the certificate issued to the domain controller. That is normally the fully qualified DNS name. For example: dc01.example.com

Port Num. The Windows domain controller port number. By default, this is 389. It is automatically reset to 636 if you select "Use TLS/SSL (TLS/SSL encryption with LDAPS)", even if you had previously set a different value. It is better to choose the connection type first, then change this port number field if necessary.

Connection

Use LDAP (no encryption). If you want the supplier and consumer servers to use plain LDAP with no security, select this radio button.

Use TLS/SSL (TLS/SSL encryption with LDAPS). Deprecated; use StartTLS instead. If you want the supplier and consumer servers to use TLS/SSL for secure communication using LDAPS, select this radio button. To use this option, you must first have configured your servers to use TLS/SSL.

Use StartTLS (TLS/SSL encryption with LDAP). If you want the supplier and consumer servers to use TLS/SSL for secure communication, with StartTLS starting an encrypted channel over LDAP, select this radio button. To use this option, you must first have configured your servers to use TLS/SSL.

Bind As. Enter the supplier bind DN defined on the Windows server in the Bind As text box. This must be a valid DN. This user must be able to read, write, and use the DirSync control in the specified subtree.

Password. Enter the supplier DN password in the Password field.

When you are creating a new synchronization agreement from the Replication folder, you can choose the subtree you want to synchronize. If you are creating a new synchronization agreement from a database under the Replication folder, the subtree is the same as that contained by the database and cannot be changed.
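The Domain Controller Host, Port Num, Connection and Bind As fields interact, so the values can be checked before they are saved. The following is an added example, not part of the product or its documentation: the dictionary keys, the function names and the sample values are assumptions made for illustration, and the DN check is a simplified syntax test rather than a full parser.

```python
import ipaddress
import re

# One RDN "attr=value"; simplified check, not a complete RFC 4514 parser.
_RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*[^=]+$")

def is_plausible_dn(dn):
    parts = re.split(r"(?<!\\),", dn)  # split on unescaped commas
    return bool(dn.strip()) and all(_RDN.match(p) for p in parts)

def check_agreement(cfg, cert_cn=None):
    """Return findings for the dialog values in cfg (hypothetical keys:
    host, port, connection in {"LDAP", "LDAPS", "StartTLS"}, bind_dn).
    cert_cn is the CN of the domain controller's certificate, if known."""
    findings = []
    conn, host, port = cfg["connection"], cfg["host"], cfg["port"]

    if conn == "LDAP":
        findings.append("plain LDAP: no encryption for the Bind As password or synced entries")
    elif conn == "LDAPS":
        findings.append("LDAPS is deprecated in this dialog; use StartTLS")

    # Selecting LDAPS resets the port to 636; switching the connection type
    # afterwards can leave that value behind.
    if conn in ("LDAP", "StartTLS") and port == 636:
        findings.append(f"port 636 is the LDAPS default but connection is {conn}; check Port Num")
    if conn == "LDAPS" and port == 389:
        findings.append("port 389 is the LDAP default but connection is LDAPS; check Port Num")

    if conn in ("LDAPS", "StartTLS"):
        try:
            ipaddress.ip_address(host)
            findings.append("host is an IP address; the certificate CN is normally the FQDN")
        except ValueError:
            if "." not in host:
                findings.append("host is not fully qualified; the certificate CN is normally the FQDN")
        if cert_cn is not None and host.lower() != cert_cn.lower():
            findings.append(f"host {host!r} does not match certificate CN {cert_cn!r}")

    if not is_plausible_dn(cfg["bind_dn"]):
        findings.append("Bind As is not a valid DN")
    return findings

# Constructed sample: StartTLS chosen after LDAPS, short hostname entered.
SAMPLE = {"host": "dc01", "port": 636, "connection": "StartTLS",
          "bind_dn": "cn=sync user,cn=Users,dc=example,dc=com"}
```

Calling `check_agreement(SAMPLE, cert_cn="dc01.example.com")` reports the leftover port 636, the unqualified hostname and the CN mismatch.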