I am a much bigger fan of either cleaning up the NT domains prior to migration, or getting a list of current active users from the mainframe and only migrating those users from the NT domains. In both those situations you end up and only the active users in AD which I prefer to do since I don't want to migrate junk from old domains into my newly created and clean AD environment.
Not much help on your dirsync issues, but I have't worked with either so I won't bother to comment on that part. Phil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicolas Blank Sent: Tuesday, March 08, 2005 10:14 AM To: [email protected] Subject: RE: [ActiveDir] LDAP dir syncproduct to AD Good question. At this stage this is what I've been made aware of: No RACF (phew) LDAP Connector to mainframe - I haven't been told what version yet User and Attribute sync to AD from the mainframe is the primary goal. The business centres around mainframe existance. If you don't exist on the mainframe - you don't exist. This means that user provisioning AND identity currently happens there as a start. At this point there's a TON of NT4 domains (around 600) that will be switched off. Users used to be created automagically via a process from mainframe to NT 4 domains, however users were never killed off the NT domains when they died on the mainframe. Going forward, this means that users will be synced from the mainframe via LDAP - ergo the sync tool requirement to AD to a dump container. Users from the NT domains will be merge migrated to a sepparate container, and whatever is left behind will be investigated and killed. Migration tools are in place to do this, that the easy bit. The unknown entity is talking to a mainframe via LDAP with no knowledge at this point of what flavour of LDAP it's talking. The Imanami product looks really fine on "paper" - generic ldap connectivity, attribute transformation, supports schema extensions, etc, however I've never met anyone who's used it in anger. I'm trying to stay away from a scripted solution, since object colision resolution, attribute transformation, object matching, delta syncing, etc are pretty standard in the tool world, without having to re-script the weel. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: 08 March 2005 04:03 PM To: [email protected] Subject: RE: [ActiveDir] LDAP dir syncproduct to AD I think Murray brings up some good points. What are your requirements exactly? To differentiate between the products (or others) you'll need to understand what the ultimate goal is and what you have to work with. For example, is this a RACF sync? Or LDAP or ?? What exactly needs to sync? Passwords? Accounts? Questions like that should help to differentiate. Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Murray Wall Sent: Tuesday, March 08, 2005 6:45 AM To: [email protected]; Nicolas Blank Subject: RE: [ActiveDir] LDAP dir syncproduct to AD Nic, we have implemented Simple Sync, for roughly about 12 connectors and are pleased with the tool. It is syncing roughly 30000 LDAP entries between exchange 5.5, 2000 and 2003 organizations with the exchange 5.5 organization being the root forest. In my mind, it would depend on your needs, and if you require a more advanced 'meta' directory. Simple Sync is a FIFO sync utility not a download all the updates to a meta dir, process them, then resync out (sounds like a description for msmail t1, t2 sync processes!) We are very pleased with the product and the support we get from them. I have no experience with the Imanami product. If you are looking for a LDAP in, LDAP out with transposing, or what have you, I would definitely recommend the Simple Sync. Murray Wall [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicolas Blank Sent: Tuesday, March 08, 2005 1:56 AM To: [email protected] Subject: [ActiveDir] LDAP dir syncproduct to AD Hi all Anyone ever have to choose between Simple Sync and Imanami Directory Transformation Manager ? I'm talking to a mainframe via LDAP going to AD and on "paper" Imanami looks the better choice. Anyone have any recommendations either way? I've seen simple sync mentioned at least once on this list and also know it's maybe not the best product out there, even though it does the job and am keen to get any feedback on anything else? Thanks in advance for any feedback Nic List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
