| Posted: 16-March-2010 at 11:00am
|
|
|
We are providing a questions and answers article to better describe the data sync provided by the Riva "GroupWise for Active
Directory" policy.
Abbreviations:
AD - Active Directory
eDir - eDirectory
GW - GroupWise DL - GroupWise distribution list
DG - Active Directory distribution group
DATA SYNC EXPLANATION:
Riva "GW for AD" provides a policy that defines a parent container in AD
and a corresponding parent container eDir. All child objects at and below the
parent container object are defined to be "in scope" for the policy and will be
affected by changes that are made to the corresponding user, DG or DL
objects.
Riva "GW for AD" is not a migration tool for migrating
users and DLs from eDir/GW to AD/Exchange. What Riva "GW for AD" is designed to
do is provide the capability to transition management of users and resources to
AD and while continuing the use of GW in the AD environment. Once Riva "GW for
AD" is deployed, all management of the user accounts will be done using MS
management tools, e.g. MMC and task pads. The trigger for synchronization
between AD and eDir/GW is modifying the AD source "in scope" object.
Q1 - Will AD DGs be recreated in eDir/GW as DLs and preserve the
corresponding membership list.
A1 - Yes. Riva will create a corresponding DL in
eDir/GW that uses the same name as the AD DG object and it will create the same
membership list provided the users in eDir are "in scope" for the Riva policy.
For users in AD that are not "in scope", they will not be created in eDir/GW and
will not be included in the new DL's membership.
Q2 - Will existing eDir/GW Distribution Lists be recreated in AD as a
Distribution Group.
A2 - No. Riva GroupWise for AD uses one-way
synchronization from AD to eDir/GW. Existing eDir/GW user accounts and
DGs will not be created in the AD domain.
Q3 - If a new user is created in AD domain "in scope", Riva "GW for AD"
will create the corresponding eDir/GW account "in scope". Does the contact info
for that account get copied from the AD user to the eDir/GW user including the
corresponding address book contact?
A3 - Yes
Q4 - If the contact details of an existing AD user that is "in scope" are
modified, does Riva "GW for AD" modify those contact details in the
corresponding eDir/GW account and address book contact?
Q4 - Yes
Q5 - If an existing AD user that is "in scope" is deleted or moved out of
scope, what happens to the corresponding eDir/GW account?
A5 - Deleting "in scope" AD user objects are handled according to the Riva policy
options - the corresponding eDir/GW account will be either deleted, disabled or expired. Moving an AD user out of scope makes it invisible to Riva, so that
changes to the AD user are no longer picked up by the policy and the corresponding eDir/GW account is no longer modified.
Q6 - If an "in scope" eDir/GW account is moved "out of scope", what happens
to the corresponding "in scope" AD account?
A6 - Nothing. Riva "GW for AD" is currently a unidirectional policy
only. If the AD object is subsequently modified, the
corresponding eDir/GW object will be moved back "in scope" to a corresponding
context location in eDir.
Q7 - If an "in scope" eDir/GW account is deleted, what happens to the
corresponding "in scope" AD account?
A7 - Nothing. We are currently a unidirectional policy
only. If the corresponding AD account is modified, Riva will recreate a new corresponding eDir/GW account.
Q8 - If a new AD user is created "in scope" and there is an existing
eDir/GW account, but the eDir account is "out of scope", what happens?
A8 - Riva will not be able to match to the existing
user. It will try to create a new user in-scope, but that will likely fail due
to uniqueness constraints in eDirectory/GW.
Q9 - If an "in scope" DG membership list is changed, will
the membership list of the corresponding eDir/GW DL be modified?
A9 - Yes
Edited by Gordon Welling on 18-March-2010 at 12:48pm
|
Forum Locked)
Omni Web Forum : Riva Identity Integration : Riva Identity Integration for Active Directory and GroupWise
Topic: How does "GW for AD" Data Sync Work
