A small correction... That KB article is actually 269843. Not sure why I remembered that one off hand except that I was deathly afraid when we kicked in the ADC that this would happen and our DNs would change for all of our exchange enabled users which would have been a HUGE disaster for us. While it isn't the best practice, you can't stop it in a large company, many people working on LDAP apps would hard code specific DNs or do searches on the cn or name and this would have wiped out every one of those apps.
The actual link to the KB is http://support.microsoft.com/default.aspx?scid=kb;en-us;269843 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, July 30, 2004 1:55 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD replication from 5.5 using ADC The process for modifying the CAs is the same for E2k3. In our 5.5 to 2K3 migration we had a bunch of undesirable special characters and group identifiers in the 5.5 display that the ADC would replicate to the AD cn and name fields. Following MSKB 269834 stopped the 5.5 display name from overwriting cn and name, and replicated the 5.5 displayname only to the AD displayname. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner Sent: Friday, July 30, 2004 11:41 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] AD replication from 5.5 using ADC Al, the document i reference is titled "Understanding an Deploying Exchange 2000 Active Directory Connector" - sourced from the given URL I am aware that this is for Ex2k ADC - but can find no similar document for Ex2k3 ! so i have taken assumption this is not to far off !?? your are perhaps right on "my expectation" - my initial view has been to replicate data only from the 5.5 where it is required - by implication the AD is the authoritative data source this is the rationale behind my endeavour to understand how to manage, prior to what will likely be a big hit, the data that is brought into the directory from 5.5 GT ----- Original Message ----- From: "Mulnick, Al" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 30, 2004 4:09 PM Subject: RE: [ActiveDir] AD replication from 5.5 using ADC > Graham, it sounds like you have different expectations of what the ADC does > for you. In the scenario you speak of, ADC is considering 5.5 to be > authoritative for several fields. If you have multiple sites (5.5 or Active > Directory) I suggest you get this worked out in some way to maintain > consistency both before as well as after you join the directories. > > On that note, since this is a directory join question, I think it's on topic > for this forum. > > If this is not something you want to have happen, you can modify the > behavior for several of the attributes but I was under the impression > that modifying the flags you mention is not the way it's done in 2003. > Just can't remember where I saw that at the moment. :) I'll look if > it's applicable to your situation, but it's likely one of the docs on > http://www.microsoft.com/exchange/library > > > Finally, what document are you referencing so we can all see the same > information. If it needs to be fixed, then we should submit that for > fixing. > > Al > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner > Sent: Friday, July 30, 2004 10:04 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] AD replication from 5.5 using ADC > > hopefully once again i am not charged with going too O/T with this > one, but > was looking to get a bit of further information on the potential > impact of a > replication from an exchange 5.5 server to a win2k AD > > it seems there is potential for the change of attributes already in > the AD if there is different data in the 5.5 directory. > > the most obvious of these seems to be the "display name" given its > prevalence in most directories, and likelihood (this is true in this specfic > case) of different convention being used between the directories; > > in 5.5 we have surname ^ firstname , whilst on AD we have the other > way round ! > > i have reviewed the ADC documentation > > seems there are two ways we can acheive some sort of control - > > i. default adc policy where we can set globally certain attribute data > not to be replicated > > ii. 'connection agreement' policy which is manipulated using ADSI edit > > the latter seems preferable given scope for different CA configuration > > could anyone possibly explain what this actually does - the ADC doc's > reference quotes "Do not overwrite RDN with the Exchange 5.5 Alias > attribute." > > don't know if this is a typo but the alias in a 5.5 directory does not look > to relate to the display name as the technote seems to suggest > > does this ADC configuraton value relate ONLY to the replication of the > "display name" ?? > > am i also right to say that this MSEXCHSERVER1FLAGS value controls the > behaviour when replicating to Windows (and by implication from > Exchange > 5.5 ) ?? and that the msexchserver2flags value controls the behaviour > the other way round ? > > if i am too O/T my apologies - > > GT > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
