When you use the
sync-pipe tool to configure AD or AD-LDS as a one-way
sync with PingDirectory, three AD password policy state
attributes require user input to map to a corresponding PingDirectory attribute.
The following table shows these three attributes, the intermediate attribute that is formed between PingDirectory and AD (or AD-LDS), and the extended operation type used by the Directory Server to apply the change.
|AD and AD-LDS attribute
In AD-LDS, the corresponding attribute is
Intermediate attributes only exist in memory on the PingDataSync server so that they can be consumed for attribute mappings. They don't exist on either the AD server or on the PingDirectory server.
By default, the
modifies-as-creates sync class property is set to
The above attributes might not be synchronized as expected when the following is true:
- You are using the
modifies-as-createssync class property is set to
- A modification is detected on the source endpoint to a missing entry on the destination endpoint.
- The modification is to attributes other than the three AD password policy state attributes previously mentioned.
To avoid this known issue, you can run the
resync tool instead of
realtime-sync tool. Using
correctly copy all attributes. For more information, see Resync tool.