Directory Sync

Directory Sync allows you to sync people and group data from an external LDAP directory into the Domino® directory. Currently data from Active Directory can be synced.

Directory Sync makes it easy for your HCL Domino users to address mail to and see details about users in your organization who do not use Notes® such as Microsoft™ Outlook users registered in Active Directory. With this feature, Active Directory users automatically have Person documents in the Domino directory so that Notes users can find their addresses and other information. Without Dirsync, Notes users must know the addresses of the Active Directory users before they can send mail to them, unless Person documents are added for them manually.

A task called Dirsync synchronizes fields that you specify from Active Directory to the Domino directory. The content of the fields is always controlled through Active Directory.

A hidden GUID field in a Domino directory Person document links it to a unique record in Active Directory.

Directory Sync includes the following components:
  • LDAP directory assistance document created in a directory assistance database that is enabled for Directory Sync. A Domino server uses this document to connect to the Active Directory server for syncing.
  • Directory Sync Configuration document created in the Directory Sync view of the Domino directory. This document controls which Active Directory fields to sync to Domino as well as other options.
  • A server task, Dirsync, that runs only on the Domino administration server, that connects to the Active Directory server regularly to pull person and group changes into the Domino directory.
  • The ability to register Active Directory users in Domino.
  • The ability for administrators to rename registered Domino users when their names change in Active Directory. When a user's common name in Active Directory changes, an administration process request, Rename Common Name is created. Administrators approve the request to initiate a standard administration process rename request.
Note: Only Active Directory users with distinguished names that contain 256 or fewer characters can be synced.
Note: This feature replaces the older Active Directory Synchronization feature, which is now deprecated. The new Directory Sync feature is a simpler, more effective synchronization tool.