--- title: Prepare external server communication description: The prepare-endpoint-server tool sets up any communication variances that can occur between PingDataSync and the external servers. Typically, directory servers can have different security settings, privileges, and passwords configured on the Sync Source that might reject the import of entries in the Sync Destination. component: pingdirectory version: 11.0 page_id: pingdirectory:pingdatasync_server_administration_guide:pd_sync_prep_external_server_comm canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdatasync_server_administration_guide/pd_sync_prep_external_server_comm.html revdate: September 13, 2023 section_ids: about-this-task: About this task steps: Steps --- # Prepare external server communication ## About this task The `prepare-endpoint-server` tool sets up any communication variances that can occur between PingDataSync and the external servers. Typically, directory servers can have different security settings, privileges, and passwords configured on the Sync Source that might reject the import of entries in the Sync Destination. The `prepare-endpoint-server` tool also creates a Sync User Account and its privileges on all of the external servers (see [Sync user account](pd_sync_user_account.html) for more detailed information). The `prepare-endpoint-server` tool verifies that the account has the proper privileges to access the `firstChangeNumber` and `lastChangeNumber` attributes in the root DSE entry so that it can access the latest changes. If the Sync User does not have the proper privileges, PingDataSync displays a warning message, which is saved in the `logs/prepare-endpoint-server.log` file. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If the synchronization topology was created using the `create-sync-pipe-config` tool, this command does not need to be run. It is already part of the `create-sync-pipe-config` process. | Perform the following steps to prepare PingDataSync for external server communication: ## Steps 1. Use the `prepare-endpoint-server` tool to prepare the directory server instances on the remote host for synchronization as a data source for the subtree, `dc=example,dc=com`. If the user account is not present on the external server, it will be created if a parent entry exists. ```shell $ bin/prepare-endpoint-server \ --hostname sun-ds1.example.com \ --port 21389 \ --syncServerBindDN "cn=Sync User,dc=example,dc=com" \ --syncServerBindPassword secret \ --baseDN "dc=example,dc=com" \ --isSource ``` 2. When prompted,enter the bind DN and password to create the user account. This step enables the change log database and sets the `changelog-maximum-age` property. 3. Repeat steps 1–2 for any other external source servers. 4. For the destination servers, repeat steps 2–3 and include the `--isDestination` option. If destination servers do not have any entries, a "Denied" message will display when creating the `cn=Sync User` entry. ```shell $ bin/prepare-endpoint-server \ --hostname PingIdentity-ds1.example.com \ --port 33389 \ --syncServerBindDN "cn=Sync User,cn=Root DNs,cn=config" \ --syncServerBindPassword sync \ --baseDN "dc=example,dc=com" \ --isDestination ``` 5. Repeat step 4 for any other destination servers.