CONFIGURING
About this task
Domino includes a set of tools that simplify synchronization between Domino and Active Directory. The Active Directory Domino Upgrade Service (AD DUS) is a tool that you can use with Active Directory synchronization (ADSync) when you have data in your Active Directory and you have just installed Domino. AD DUS can optionally be used to migrate all or a set of your Active Directory users. After the migration, you can start using ADSync to maintain those users in Active Directory and in Domino.
User options are available to register Notes users in Active Directory. In the Domino Administrator's user registration interface, there is a Windows User Options button on the Other panel of the Register Person - New Entry dialog box. You can select options to register a user in Active Directory at the same time that the user is registered in Domino. This is essentially the opposite of what ADSync does. Regardless of the tool with which you register a new user in both directories, you can use ADSync to synchronize and delete users from both directories. You can also use ADSync to rename users in both directories.
You can synchronize Person and Group documents in the Domino Directory, and user and group accounts in Active Directory. When you register or delete a Notes user or delete a Notes group, you can automatically update the Active Directory. Use the Notes synchronization options to enable the synchronization of all operations.
Conversely, special menu options and dialog boxes added to the Users and Computers snap-in of the Microsoft Management Console (MMC) enable you to specify that additions, deletions, and name changes made to Active Directory user or group accounts be reflected in the Domino Directory. You can also add existing Active Directory user or group accounts to the Domino Directory, and synchronize Active Directory and Domino Directory entries.
These directory synchronization features let you keep both the Domino Directory and Active Directory current without having to update both when either changes. Also, you can manage user and group information in the Domino Directory and the Active Directory through a single interface of your choice, either Domino or Windows 2003.
You must have a properly certified Notes ID and appropriate access to make any changes to a Domino Directory from Notes or Windows 2003, and have the appropriate rights if you are going to use the Domino server-defined certification authority (CA) to certify users on Domino. Use a Notes 6 or later client, and Domino 6 or later server as your registration server. You must create policies that contain registration settings documents, either implicit or explicit, for all Domino certifiers with which you are going to certify new users. Also, you must have appropriate rights in the Active Directory allowing you to add user accounts and synchronize passwords.
To set up Domino Active Directory synchronization
Install the Active Directory domain controller, the Domino server, and the Domino Administrator on separate computers to improve performance and enhance security. If necessary, however, you may install the Domino server on the same computer as the Active Directory domain controller.
Procedure
1. Log in to the Windows domain using a user account with administrative rights.
2. From the Windows 2003 Server CD, install the Windows 2003 Administration Tools Pack (adminpak.msi).
4. Install, but do not run, the Domino Administrator.
5. Open a command prompt. From your Notes install directory, type:
A message box appears indicating that registration is complete. This can take up to one minute.
7. From the Domino Administrator, create an organizational policy or an explicit policy and a Registration Policy Settings document. You must have at least one policy to use with ADSync.
8. From the Start menu, click Programs -> Administrative Tools -> Active Directory Users and Computers. Click the Domino Options folder.
9. Right-click Domino Directory synchronization, and then choose Options.
10. Enter your Notes password.
11. Click the Notes Settings tab.
12. Click the Notes Server for Registration button and specify a registration server. This is typically the administration server of the Domino Directory.
13. Click OK.
14. Close and restart Active Directory Users and Computers to allow these changes to take effect.