Set up a Connection Agreement
Before directory replication can be performed, you must configure a connection agreement
to define the type of connection, authentication, and
server names. Use Microsoft Management Console to configure connection agreements.
- On the Start menu, point to Programs, point to Administrative Tools, and
then click Active Directory Connector Management.
- In the console tree, click Active Directory Connector.
- On the Action menu, point to New, and then click Connection Agreement
to display the Properties dialog box.
- On the General tab, in Name, type a
name for the Connection Agreement. If you use any of the symbols / \ + < > & ^ | [ ] in the name of
a Connection Agreement, they will not appear when you view the names of your connection agreements in Windows Explorer. For example, a
Connection Agreement called CA+[Test] will appear as CA Test in Windows Explorer because +, [, and ] are
illegal characters.
- Under Replication direction, click one of the following replication directions:
- To perform a two-way replication, click Two-way. During a two-way
replication, the Windows directory is first updated with Exchange directory information.
- To update the Windows directory, click From
Exchange to Windows.
- To update the Exchange directory, click From
Windows to Exchange.
Note To have the option to add Exchange mailboxes when creating new users in Active Directory Users
and Computers, you must configure a two-way Connection Agreement or a one-way Connection Agreement
from Windows to Exchange. A one-way Connection Agreement from Exchange to Windows will not
provide the option to add a mailbox for the user because one already exists.
- Under Active Directory Connector service, click the service to
run the Connection Agreement. Only services that are compatible with the
Connection Agreement you are creating or editing are shown.
- On the Connections tab, type the Windows 2000
Server name and the Exchange server name in Server. The specified server
must be the domain controller containing the schema. Click an authentication option
in Authentication. The authentication options are:
Note In a two-way replication, the specified Exchange and Windows
authentication type and credentials must be able to write to and read from both
the Exchange directory and the Windows 2000 Server Active Directory. In a one-way
replication, the authentication type and credentials must have read access
to the export directory where the information is replicated from, and write access to the
import directory where the information is replicated to.
- To specify the account name to be used for this
replication, click Modify to
display the Connect as dialog box. In Connect as,
type the account name in the form appropriate for the type of authentication you specified.
The appropriate formats are shown in the following table. Then, in Password, type the password.
Click OK.
| Authentication Type | Account Name Form | Example |
|---|---|---|
| Windows Challenge/Response | <domain name>\<account name> | Redmond\gladysl |
| Basic (Clear Text) | CN=<account name>,OU=<organizational unit>, DC=<domain> | CN=gladysl,OU=Admin,OU=Exchange,DC=Microsoft,DC=Com |
Note When replicating from Exchange you must include the domain name
regardless of the authentication type.
- On the Connections tab, under Port, you can type an alternative
Lightweight Directory Access Protocol (LDAP) port number for the
Exchange directory.
Note To verify the port number currently being used by the Exchange directory, use
the Exchange Server Administrator program to check the Port number setting on the
General tab of the LDAP (Directory) Settings object. It is located
in the organization name/site name/Configuration/Servers/server name/Protocols container.
- On the Deletion tab, click a method for deleting items during replication.
When you replicate deletions from a Windows 2000 Server Active Directory to an Exchange directory,
select one of the following:
- Delete the Exchange mailbox
Click this option to delete from the Exchange directory
any user account deleted in the Windows directory.
- Keep the Exchange mailbox and store the deletion list in the temporary CSV file
Click this option to store the list of deleted items in a common comma-separated
value (CSV) formatted file.
Information is appended to this file as replication occurs. The log file is located
in %SystemRoot%\Program Files\MSADC\MSADC\<Connection Agreement name>\ex55.csv.
No checking or maintenance is performed on the LocalToRemote
directory, therefore you must ensure that adequate disk space is available for the file.
If the file is no longer needed, you can remove it to increase the amount of space
available on the disk.
When you replicate deletions from an Exchange directory to the Windows 2000 Server Active Directory,
select one of the following:
- Delete the Windows account
Click this option to delete from the Windows directory
any user account deleted in the Exchange directory.
- Keep the Windows account and store the deletion list in the temporary
LDF file
Click this option to store the deletions performed in Exchange as a list of deletions
in an LDF formatted file.
Information will be appended to this file as replication
occurs. The log file is located in %SystemRoot%\Program Files\MSADC\MSADC\<Connection
Agreement name>\Win2000.ldf. No checking or maintenance is performed on the
<Connection Agreement name> directory, therefore you must ensure that adequate disk
space is available for the file. If the file is no longer needed, you can remove it to increase
the amount of space available on the disk.
Note To review the deletions list, open the log file in Notepad or, for .csv files, in
a spreadsheet application.
To update the Windows 2000 Server Active Directory with the deletions recorded in the log
file, use the LDIF Directory Synchronization Bulk Import/Export tool (Ldifde.exe) found in
the %SystemRoot%\WINNT\System32 directory.
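A stored deletion list is worth reviewing before Ldifde.exe applies it in bulk. The following Python script is an added example, not part of the original documentation: it lists the distinguished names a deletion file would remove and flags any record that is not a plain delete. It assumes the file uses standard LDIF change records (RFC 2849); the sample data and the function names are constructed for illustration.

```python
import base64

# Constructed sample in standard LDIF change-record form (RFC 2849). That the
# connector writes Win2000.ldf in exactly this layout is an assumption.
B64_DN = base64.b64encode("CN=J\u00fcrgen,OU=Admin,DC=Microsoft,DC=Com".encode()).decode()
SAMPLE_LDF = f"""\
# constructed sample, not real connector output
dn: CN=gladysl,OU=Admin,OU=Exchange,DC=Microsoft,DC=Com
changetype: delete

dn: CN=A Very Long Display Name,OU=Admin,OU=Exchange,DC=Micro
 soft,DC=Com
changetype: delete

dn:: {B64_DN}
changetype: delete

dn: CN=svc-backup,OU=Admin,DC=Microsoft,DC=Com
changetype: add
objectClass: user
"""

def unfold(text):
    """Join folded LDIF lines (a continuation starts with one space); drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [line for line in lines if not line.startswith("#")]

def review_deletions(text):
    """Return (dns_to_delete, suspicious_records) without changing anything."""
    deletes, suspicious, rec = [], [], {}
    for line in unfold(text) + [""]:          # trailing "" flushes the last record
        if line.strip():
            name, _, value = line.partition(":")
            if value.startswith(":"):         # "dn:: ..." carries a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            rec.setdefault(name.strip().lower(), value.strip())
        elif rec:
            dn, change = rec.get("dn"), rec.get("changetype", "").lower()
            if dn and change == "delete":
                deletes.append(dn)
            else:                             # not a plain delete: review by hand
                suspicious.append((dn, change))
            rec = {}
    return deletes, suspicious
```

Records returned as suspicious should be resolved by hand before the file is passed to Ldifde.exe.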
Before you can specify the Exchange recipient containers to use when updating the
Windows 2000 Server Active Directory, you must configure your connection
agreement to replicate from Exchange to Windows. For help configuring
your connection agreement, see Replicating from
Exchange to Windows.
Before you can specify the Windows 2000 Server Active Directory organizational
units to use when updating the Exchange directory, you must configure your
connection agreement to replicate from Windows to
Exchange. For help configuring your connection agreement, see
Replicating from Windows to Exchange.
To set up a replication schedule to perform automatic replication at regular
intervals, see Set up a Replication Schedule.
Related Topics
Understanding Secure Authentication
Replicate from Exchange to Windows
Replicate from Windows to Exchange
Set a Default Policy for Replication
Set Advanced Options
Set up a Replication Schedule