You can use the resync command to perform an initial synchronization from the source to the destination. It iterates through all entries in the source server and compares them with their counterparts in the destination server.
Any source entries that are not found in the destination are created. For entries that exist in both the source and the destination, any differences identified between them will cause the destination entry to be updated to match the source.
You can run the resync --help command to see the complete usage information for the tool, but in many cases, you only need to specify the name of the sync pipe. For example:
resync --pipe-name "LDAP Source to SCIM 2.0 Destination"
Because the System for Cross-domain Identity Management (SCIM) 2.0 sync destination uses its own attribute mapping in
addition to the mapping performed by the sync class, there might be cases in which
the resync command believes the source and destination versions
of an entry to be out of sync when they are actually in sync. This is especially
true if the sync class is configured with an
auto-mapped-source-attribute value of
-all-
.
This can cause the resync command to report that a lot more entries are being modified than actually are being updated because the SCIM 2.0 sync destination performs its own comparison of the source and destination entries and might not attempt any update if it already sees that they are equivalent.
This doesn’t have any adverse effects, but you can update the
auto-mapped-source-attribute
property to explicitly list only
the names of the source attributes that might be used to create the SCIM 2.0
representation of the entry.