{"id":839,"date":"2008-08-03T14:41:51","date_gmt":"2008-08-03T12:41:51","guid":{"rendered":"http:\/\/www.corelan.be:8800\/index.php\/2008\/08\/03\/merging-syncing-multiple-active-directory-databases-into-one-adam-instance\/"},"modified":"2008-08-03T14:41:51","modified_gmt":"2008-08-03T12:41:51","slug":"merging-syncing-multiple-active-directory-databases-into-one-adam-instance","status":"publish","type":"post","link":"https:\/\/www.corelan.be\/index.php\/2008\/08\/03\/merging-syncing-multiple-active-directory-databases-into-one-adam-instance\/","title":{"rendered":"Merging &amp; Syncing multiple Active Directory databases into one ADAM instance"},"content":{"rendered":"<p><font color=\"#ffffff\">Keywords : ldap authentication multiple domains combine adam adamsync adschemaanalyzer ldap proxy chain ldifde MS-ADAMSyncconf.xml MS-AdamSyncMetadata.ldf MS-ADAMSchemaW2K3.ldf Object Violation Naming Violation Ldap error occured. ldap_add_sW: Object Class Violation.<\/font> <\/p>\n<h4>Case definition :<\/h4>\n<ul>\n<li>2 AD domains, containing user accounts. One of the domains is a 2003 based domain and has the R2 + Exchange 2003 + Exchange 2007 schema extensions, the other one is a 2008 based domain, without any schema extensions. Both domains have user accounts. <\/li>\n<li>1 third party system that uses LDAP to query for object information.&#160; The system cannot perform LDAP chaining; it can only connect to one LDAP instance. <\/li>\n<li>Question : how can we allow this third party system to use LDAP to query information from user accounts in both domains at the same time ? <\/li>\n<\/ul>\n<h4>Solution : <\/h4>\n<p>Use ADAM to build a new LDAP enabled user directory, and set up synchronization from the two account domains to the ADAM instance (so the &quot;combined&quot; ADAM directory stays up to date). <\/p>\n<p>&#160;<\/p>\n<h5>Requirements :<\/h5>\n<p>I have installed ADAM on a Windows 2003 R2 server standard edition. 
If you are not running R2, you need to download ADAM SP1 from the Microsoft website. If you are running R2, you can install ADAM using the Add\/Remove Windows Components wizard (Active Directory Services - ADAM). <\/p>\n<p>By default, ADAM is installed under C:\\Windows\\ADAM<\/p>\n<p>This server does not need to be a member of one of the account domains, but if you want to look at authenticating users later on, I would make it a member of one of the account domains.&#160;&#160; I would advise not to run ADAM on a Domain Controller. (It is possible, but you'll have to pick different LDAP ports to run ADAM on, which may make things more complex. After all, the &quot;system&quot; that uses LDAP authentication may not be able to specify a port other than the default 389 (LDAP) or 636 (LDAP over SSL).)<\/p>\n<p>(Note : if you want to use LDAP over SSL, the server running ADAM needs to have a valid certificate)<\/p>\n<p>If you also want to authenticate users, you need to have a trust between the domain where the ADAM instance is hosted, and the other domain(s) that host the user accounts.&#160; This trust can be a one-way trust if required (outgoing trust from the domain that hosts the ADAM instance to the domain(s) that host the user accounts. This way, the ADAM instance will be able to forward the authentication requests to DCs in those account domains). If you are looking to synchronize password information as well (out of scope for this procedure), you will need IIFP &amp; PCNS, which may require forest trusts to be set up.<\/p>\n<p>Furthermore, you'll need to have a user account from each of the account domains that has access to all attributes of all user accounts in the domain. 
This account will be used by ADAMSync to synchronize the Account Domain users to ADAM.<\/p>\n<p>Last but not least, the machine running ADAM must be able to find all domains (DNS), find domain controllers in both domains (using DNS) and connect to these DC's.<\/p>\n<h5>Create a new ADAM Instance :<\/h5>\n<p>After installing ADAM, you need to create a new ADAM instance.<\/p>\n<p>You can do this using command-line or using the wizard. Open the Start Menu and navigate to the ADAM folder. Click &quot;Create an ADAM instance&quot; to launch the wizard<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image23.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"161\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb21.png\" width=\"331\" border=\"0\" \/><\/a> <\/p>\n<p>Click &quot;Next&quot; at the Welcome page<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image24.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"181\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb22.png\" width=\"260\" border=\"0\" \/><\/a> <\/p>\n<p>Select &quot;A unique instance&quot; and click &quot;Next&quot;<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image25.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"152\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb23.png\" width=\"260\" border=\"0\" \/><\/a><\/p>\n<p>Provide a name for this instance. This can be anything.&#160; I have picked &quot;LdapProxy1&quot; . 
Click &quot;Next&quot; to continue<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image26.png\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"177\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb24.png\" width=\"260\" border=\"0\" \/><\/a> <\/p>\n<p>Set the LDAP ports and click &quot;Next&quot;<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image27.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"179\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb25.png\" width=\"260\" border=\"0\" \/><\/a> <\/p>\n<p>Select &quot;Yes, create an application directory partition&quot; and enter the partition name.&#160; Despite the fact that the text indicates to pick a distinguished name that uses &quot;CN&quot;, I would recommend not to do this.&#160; Just pick a Partition Name that is based on &quot;DC&quot; attributes. 
Otherwise, you may end up with &quot;Object Name Violation&quot; errors later on.<\/p>\n<p>In my example, I have used&#160; &quot;DC=Combined,DC=COM&quot;<\/p>\n<p>Click &quot;Next&quot; to continue<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image28.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"133\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb26.png\" width=\"260\" border=\"0\" \/><\/a> <\/p>\n<p>Set the folders where you want to store the data related to this ADAM instance and click &quot;Next&quot;<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image29.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"175\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb27.png\" width=\"260\" border=\"0\" \/><\/a> <\/p>\n<p>Set the instance to either run as Network service or use a user account that has permissions to run as a service. The latter is recommended because this allows you to run the ADAM instance with a low privileged user account. Click &quot;Next&quot; to continue<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image30.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"179\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb28.png\" width=\"260\" border=\"0\" \/><\/a> <\/p>\n<p>Select who needs to be granted administrator privileges on the ADAM instance. 
Click &quot;Next&quot; to continue.<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image31.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"180\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb29.png\" width=\"260\" border=\"0\" \/><\/a> <\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image32.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"121\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb30.png\" width=\"260\" border=\"0\" \/><\/a> <\/p>\n<p>Import at least the MS-User.LDF file. Click &quot;Next&quot; to continue<\/p>\n<p>Click &quot;Next&quot; to finalize the setup of the ADAM Instance. When the installation has completed, verify that the instance is running<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image33.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"75\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb31.png\" width=\"260\" border=\"0\" \/><\/a> <\/p>\n<p>You can use netstat -na&#160; to verify that ports 389 and 636 are listening.<\/p>\n<p>Finally, use the &quot;ADAM ADSI Edit&quot; utility (from the ADAM Program Folder) to connect to the instance &amp; validate that it is operational :<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image34.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"145\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb32.png\" width=\"179\" border=\"0\" 
\/><\/a> <\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image35.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"260\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb33.png\" width=\"252\" border=\"0\" \/><\/a> <\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image36.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"107\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb34.png\" width=\"368\" border=\"0\" \/><\/a> <\/p>\n<p>&#160;<\/p>\n<h5>Set up \/ extend the ADAM Schema :<\/h5>\n<p>Before you can start synchronizing AD to ADAM, you need to make sure the ADAM schema contains the same extensions as the AD Schema of the source domain(s). So for each of the source domains, you need to follow these steps (unless all of the source domains have the same schema version. In that case, you only need to do this just once).<\/p>\n<p>By default, the ADAM schema does not contain a lot of attributes\/classes\/...<\/p>\n<p>There are 2 ways to extend the ADAM Schema. 
You can start by applying a default Windows 2003 schema, then find any differences between the 2003 schema and the schema of the account domain and apply those differences. Or you can take the default (limited) ADAM schema and the schema from the source account domain, list the differences between the two, and then apply the entire set of differences to ADAM.<\/p>\n<p>Most documentation about ADAM tells you to first apply the Windows 2003 schema by running<\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; border-bottom-style: none\"><p>ldifde -i -s localhost -c &quot;CN=Configuration,DC=X&quot; #ConfigurationNamingContext _<\/p><p> -f MS-ADAMSchemaW2K3.ldf<\/p><\/pre>\n<\/div>\n<p>If you have the Exchange 2003 schema extensions, I would NOT recommend doing this.&#160; Because of the Exchange schema changes, you may get errors such as the following when trying to sync AD to ADAM :&#160; <\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; border-bottom-style: none\"><p>Ldap error occured. 
ldap_add_sW: Object Class Violation.\nExtended Info: 0000207D: UpdErr: DSID-0315119D, problem 6002 (OBJ_CLASS_VIOLATION), <\/p><p>data -1760298156.<\/p><\/pre>\n<\/div>\n<p>So if you are running a default 2003\/2003 R2 schema, this may be fine.&#160; But if you have extended the schema in your account domain with other attributes, I would <u>not<\/u> use the MS-ADAMSchemaW2K3.ldf file, but I would rather create a full list of schema differences and apply the entire set of differences to ADAM right away.<\/p>\n<p>This is how it works :<\/p>\n<p><strong><u>Account Domain 1<\/u><\/strong> : corelan.be, Windows 2003 R2 schema, with Exchange 2003 and 2007 schema extensions<\/p>\n<p>On the server running ADAM, open a command prompt in the C:\\Windows\\Adam folder (&quot;ADAM Tools Command Prompt&quot; in the ADAM Start Menu Program Folder), and run &quot;ADSchemaAnalyzer&quot;<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image37.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"65\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb35.png\" width=\"260\" border=\"0\" \/><\/a> <\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image38.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"156\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb36.png\" width=\"227\" border=\"0\" \/><\/a> <\/p>\n<p>The target schema = the schema of the Account Domain. So enter the name of a DC from the Account domain, and specify the required Domain Admin credentials in order to properly connect to the domain. 
Press &quot;OK&quot; and wait until the classes and attributes have been loaded<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image39.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"233\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb37.png\" width=\"293\" border=\"0\" \/><\/a> <\/p>\n<p>&#160;<\/p>\n<p>Next, open &quot;File&quot; - &quot;Load base schema&quot; and enter the hostname of the machine running the ADAM instance (localhost). Press &quot;OK&quot; to grab the current ADAM schema.<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image40.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"250\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb38.png\" width=\"260\" border=\"0\" \/><\/a> <\/p>\n<p>Now you need to mark all differences for export. Click &quot;Schema&quot; and select &quot;Mark all non-present elements as included&quot;<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image41.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"112\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb39.png\" width=\"260\" border=\"0\" \/><\/a><\/p>\n<p>Now you can save the differences between the two schemas via &quot;File - Create LDIF File&quot;. 
Save the file (example : FullADSchema2003.LDF) and close the application<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image42.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"223\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb40.png\" width=\"299\" border=\"0\" \/><\/a> <\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image43.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"234\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb41.png\" width=\"435\" border=\"0\" \/><\/a> <\/p>\n<p>Now you can apply these schema differences to the ADAM instance, using the following command (depending on the number of objects, this may take a while) :<\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; border-bottom-style: none\"><p><strong><font color=\"#0000a0\">ldifde.exe -i -s localhost -c &quot;CN=Configuration,DC=X&quot; #ConfigurationNamingContext _ <\/font><\/strong><\/p><p><strong><font color=\"#0000a0\">-f FullADSchema2003.ldf<\/font><\/strong><\/p><p>Connecting to &quot;localhost&quot;<\/p><p>Logging in as current user using SSPI<\/p><p>Importing directory from file &quot;FullADSchema2003.ldf&quot;<\/p><p>Loading entries.................................................................<\/p><p>................................................................................<br 
\/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br 
\/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>................................................................................<br \/>..............................................................................<\/p><p>2862 entries modified successfully. <\/p><p>The command has completed successfully<\/p><\/pre>\n<\/div>\n<p>(Note : if you want to replace CN=Configuration,DC=X by something else, make sure to update all LDF and XML files from this point forward, and to replace DC=X by whatever value you want to use, however it does not really matter what value you use here as it will not be used when you just want to use ADAM for LDAP authentication). 
If you get errors such as <\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; border-bottom-style: none\">Add error on line 10231: Referral\nThe server side error is: 0x202b A referral was returned from the server.\nThe extended server error is:\n0000202B: RefErr: DSID-0310073F, data 0, 1 access points\n        ref 1: 'x'<\/pre>\n<\/div>\n<p>then verify the ldf file and make sure there are no errors\/mistakes around that line (which should not happen if you do not change\/replace the DC=X by something else) <\/p>\n<p>&#160;<\/p>\n<p>You can verify that the ldifde has worked by opening ADAM-adsiedit, connecting to the ADAM instance and looking at the properties of the DC=Combined,DC=COM instance and verifying that the new attributes are visible<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image44.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"298\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb42.png\" width=\"406\" border=\"0\" \/><\/a> <\/p>\n<p>&#160;<\/p>\n<p>&#160;<\/p>\n<p>Now you need to do the same actions for the second account domain, assuming that it is running a different&#160; schema version than the one from the first account domain (which has now been applied to the ADAM instance)<\/p>\n<p><strong><u>Account Domain 2 :<\/u><\/strong> corelantest.be, Windows 2008 schema. 
Domain is running Windows Server 2008 Forest functional level.<\/p>\n<p>Run the ADSchemaAnalyzer.exe again, load the Target Schema from the DC from the corelantest.be domain<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image45.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"260\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb43.png\" width=\"254\" border=\"0\" \/><\/a><\/p>\n<p>Again, when connecting to the remote DC, don't forget to specify credentials if required. <\/p>\n<p>Next load the base schema from the local ADAM instance (which has now already been updated with the R2, Exchange 2003 and 2007 extensions, because those extensions were loaded in the corelan.be domain).<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image46.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"222\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb44.png\" width=\"346\" border=\"0\" \/><\/a> <\/p>\n<p>&#160;<\/p>\n<p>Next, click &quot;Mark all non-present elements as included&quot; from the &quot;Schema&quot; menu, and finally, save the differences in a unique LDF file (e.g. ADDiff2008.LDF)<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image47.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"157\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb45.png\" width=\"362\" border=\"0\" \/><\/a> <\/p>\n<p>Now apply the differences to your ADAM instance. 
Since the local ADAM instance already has a considerable amount of attributes &amp; classes, this should not take very long :<\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; border-bottom-style: none\"><strong><font color=\"#0000a0\">ldifde.exe -i -s localhost -c &quot;CN=Configuration,DC=X&quot; #ConfigurationNamingContext -f ADDiff2008.ldf\n<\/font><\/strong>Connecting to &quot;localhost&quot;\nLogging in as current user using SSPI\nImporting directory from file &quot;ADDiff2008.ldf&quot;\nLoading entries.................................................................\n................................................................................\n........................\n168 entries modified successfully.\n\nThe command has completed successfully<\/pre>\n<\/div>\n<p>&#160;<\/p>\n<p>&#160;<\/p>\n<h5>Import ADAMSync Metadata :<\/h5>\n<p>Before you can start synchronizing, you need to import ADAMSync metadata to the ADAM Instance. 
You can do this using the following command :<\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; border-bottom-style: none\"><p><strong><font color=\"#0000a0\">ldifde.exe -i -s localhost -c &quot;CN=Configuration,DC=X&quot; #ConfigurationNamingContext _ <\/font><\/strong><\/p><p><strong><font color=\"#0000a0\">-f MS-AdamSyncMetadata.LDF<\/font><\/strong><\/p><p>Connecting to &quot;localhost&quot;\nLogging in as current user using SSPI\nImporting directory from file &quot;MS-AdamSyncMetadata.LDF&quot;\nLoading entries..........\n9 entries modified successfully.\n\nThe command has completed successfully<\/p><\/pre>\n<\/div>\n<p>&#160;<\/p>\n<h5>Set up ADAMSync for corelan.be<\/h5>\n<p>For each of the account domains that you want to sync, you will have to create a unique configuration file.&#160; There is a sample config file called MS-ADAMSyncConf.xml available, so I would recommend creating a folder for each of the account domains, copying the example file and renaming it so it reflects the account domain it corresponds to.<\/p>\n<p>Since I have 2 account domains, my folder layout looks like this :<\/p>\n<p>C:\\Windows\\ADAM\\Sync\\corelan<br \/>\n  <br \/>C:\\Windows\\ADAM\\Sync\\corelantest<\/p>\n<p>Additionally, I have created a folder called &quot;Logs&quot; to store the sync log files later on.<\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; 
border-bottom-style: none\">C:\\WINDOWS\\ADAM<span style=\"color: #0000ff\">&gt;<\/span>dir *.\n Volume in drive C has no label.\n Volume Serial Number is D8C4-667C\n\n Directory of C:\\WINDOWS\\ADAM\n\n02\/08\/2008  23:05    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">DIR<\/span><span style=\"color: #0000ff\">&gt;<\/span>          .\n02\/08\/2008  23:05    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">DIR<\/span><span style=\"color: #0000ff\">&gt;<\/span>          ..\n02\/08\/2008  22:25    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">DIR<\/span><span style=\"color: #0000ff\">&gt;<\/span>          corelan\n02\/08\/2008  22:25    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">DIR<\/span><span style=\"color: #0000ff\">&gt;<\/span>          corelantest\n02\/08\/2008  22:28    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">DIR<\/span><span style=\"color: #0000ff\">&gt;<\/span>          en\n02\/08\/2008  18:00    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">DIR<\/span><span style=\"color: #0000ff\">&gt;<\/span>          Logs<\/pre>\n<\/div>\n<p>Before we can start syncing, we need to configure the configuration xml file for each (source) account domain - ADAM combination.<\/p>\n<p>Let's start with the configuration file for the corelan (2003 based) account domain.&#160; I have named this file MS-ADAMSyncConfCorelan.xml<\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; border-bottom-style: none\">C:\\WINDOWS\\adam\\corelan<span style=\"color: #0000ff\">&gt;<\/span>dir\n Volume in drive C has 
no label.\n Volume Serial Number is D8C4-667C\n\n Directory of C:\\WINDOWS\\adam\\corelan\n\n02\/08\/2008  23:09    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">DIR<\/span><span style=\"color: #0000ff\">&gt;<\/span>          .\n02\/08\/2008  23:09    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">DIR<\/span><span style=\"color: #0000ff\">&gt;<\/span>          ..\n02\/08\/2008  17:58             2.826 MS-AdamSyncConfCorelan.XML<\/pre>\n<\/div>\n<p>Edit the file using notepad and change the following tags :<\/p>\n<p>&lt;source-ad-name&gt; : enter the AD domain name of the account domain : corelan.be<br \/>\n  <br \/>&lt;source-ad-partition&gt; : enter the distinguished name of the source account domain : DC=corelan,DC=be <\/p>\n<p>&lt;source-ad-account&gt; : enter the username of a domain account in the account domain corelan.be <\/p>\n<p>&lt;source-domain&gt; : enter the AD DNS domain name of the account domain : corelan.be <\/p>\n<p>&lt;target-dn&gt; : enter the ADAM instance DN : DC=Combined,DC=COM <\/p>\n<p>&lt;base-dn&gt; : enter the DN of the domain that is the source for replication. If you want to limit the replication to just a specific OU, you can enter the DN of that OU. I will replicate everything in the domain, so I have set this to DC=corelan,DC=be<\/p>\n<p>Next, you need to specify which type of objects, and what attributes you want to replicate. You can select the type of object by editing the &lt;object-filter&gt; tag and entering an object filter such as (objectCategory=person).<\/p>\n<p>By default, all attributes are synchronised, but if you only want to provide LDAP authentication to a third party system, you may not need to go through the trouble of getting Exchange-specific attributes synced. 
So I would advise to extend the default list of attributes that do not need to be synced by adding the following list to the &lt;exclude&gt; definitions :<\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; border-bottom-style: none\"><span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msRTCSIP-PrimaryUserAddress<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msRTCSIP-UserEnabled<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msRTCSIP-PrimaryHomeServer<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msRTCSIP-ArchivingEnabled<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msRTCSIP-OptionFlags<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: 
#0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msRTCSIP-UserPolicy<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchHomeServerName<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchALObjectVersion<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchMailboxSecurityDescriptor<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchUserAccountControl<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchMailboxGuid<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchPoliciesExcluded<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: 
#800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchMailboxTemplateLink<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchRecipientDisplayType<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchUserCulture<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchVersion<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchRecipientTypeDetails<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchOmaAdminWirelessEnable<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span> \n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>lastagedchange<span style=\"color: 
#0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span><\/pre>\n<\/div>\n<p>Save the file.&#160; The entire file looks like this :<\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; border-bottom-style: none\"><span style=\"color: #0000ff\">&lt;?<\/span><span style=\"color: #800000\">xml<\/span> <span style=\"color: #ff0000\">version<\/span><span style=\"color: #0000ff\">=&quot;1.0&quot;<\/span>?<span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">doc<\/span><span style=\"color: #0000ff\">&gt;<\/span>    \n <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">configuration<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">description<\/span><span style=\"color: #0000ff\">&gt;<\/span>sample Adamsync configuration file<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">description<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">security-mode<\/span><span style=\"color: #0000ff\">&gt;<\/span>object<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">security-mode<\/span><span style=\"color: #0000ff\">&gt;<\/span>            \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">source-ad-name<\/span><span style=\"color: #0000ff\">&gt;<\/span>corelan.be<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">source-ad-name<\/span><span style=\"color: 
#0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">source-ad-partition<\/span><span style=\"color: #0000ff\">&gt;<\/span>dc=corelan,dc=be<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">source-ad-partition<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">source-ad-account<\/span><span style=\"color: #0000ff\">&gt;<\/span>ADAMDomainAdmin<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">source-ad-account<\/span><span style=\"color: #0000ff\">&gt;<\/span>                \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">account-domain<\/span><span style=\"color: #0000ff\">&gt;<\/span>corelan.be<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">account-domain<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">target-dn<\/span><span style=\"color: #0000ff\">&gt;<\/span>dc=combined,dc=com<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">target-dn<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">query<\/span><span style=\"color: #0000ff\">&gt;<\/span>            \n   <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">base-dn<\/span><span style=\"color: #0000ff\">&gt;<\/span>dc=corelan,dc=be<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">base-dn<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n   <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">object-filter<\/span><span style=\"color: #0000ff\">&gt;<\/span>(objectCategory=person)<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">object-filter<\/span><span style=\"color: #0000ff\">&gt;<\/span>      
      \n   <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">attributes<\/span><span style=\"color: #0000ff\">&gt;<\/span>                \n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">include<\/span><span style=\"color: #0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">include<\/span><span style=\"color: #0000ff\">&gt;<\/span>                \n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>extensionName<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>displayNamePrintable<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>                \n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>flags<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>                \n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>isPrivelegeHolder<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>                \n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msCom-UserLink<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>                \n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: 
#800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msCom-PartitionSetLink<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>                \n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>reports<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>            \n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>serviceprincipalname<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>adminCount<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>primarygroupid<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>codePage<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>countryCode<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n    <span style=\"color: 
#0000ff\">&lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msRTCSIP-PrimaryUserAddress<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msRTCSIP-UserEnabled<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msRTCSIP-PrimaryHomeServer<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msRTCSIP-ArchivingEnabled<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msRTCSIP-OptionFlags<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msRTCSIP-UserPolicy<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchHomeServerName<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span 
style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchALObjectVersion<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchMailboxSecurityDescriptor<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchUserAccountControl<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchMailboxGuid<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchPoliciesExcluded<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchMailboxTemplateLink<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchRecipientDisplayType<span style=\"color: 
#0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchUserCulture<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchVersion<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchRecipientTypeDetails<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>msExchOmaAdminWirelessEnable<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">    &lt;<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>lastagedchange<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">exclude<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n   <span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">attributes<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">query<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">schedule<\/span><span style=\"color: 
#0000ff\">&gt;<\/span>            \n   <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">aging<\/span><span style=\"color: #0000ff\">&gt;<\/span>                \n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">frequency<\/span><span style=\"color: #0000ff\">&gt;<\/span>0<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">frequency<\/span><span style=\"color: #0000ff\">&gt;<\/span>                \n    <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">num-objects<\/span><span style=\"color: #0000ff\">&gt;<\/span>0<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">num-objects<\/span><span style=\"color: #0000ff\">&gt;<\/span>            \n   <span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">aging<\/span><span style=\"color: #0000ff\">&gt;<\/span>            \n   <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">schtasks-cmd<\/span><span style=\"color: #0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">schtasks-cmd<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">schedule<\/span><span style=\"color: #0000ff\">&gt;<\/span>    \n <span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">configuration<\/span><span style=\"color: #0000ff\">&gt;<\/span>    \n <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">synchronizer-state<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">dirsync-cookie<\/span><span style=\"color: #0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">dirsync-cookie<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">status<\/span><span style=\"color: 
#0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">status<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">authoritative-adam-instance<\/span><span style=\"color: #0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">authoritative-adam-instance<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">configuration-file-guid<\/span><span style=\"color: #0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">configuration-file-guid<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">last-sync-attempt-time<\/span><span style=\"color: #0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">last-sync-attempt-time<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">last-sync-success-time<\/span><span style=\"color: #0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">last-sync-success-time<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">last-sync-error-time<\/span><span style=\"color: #0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">last-sync-error-time<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">last-sync-error-string<\/span><span style=\"color: #0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">last-sync-error-string<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">consecutive-sync-failures<\/span><span style=\"color: #0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">consecutive-sync-failures<\/span><span style=\"color: 
#0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">user-credentials<\/span><span style=\"color: #0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">user-credentials<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">runs-since-last-object-update<\/span><span style=\"color: #0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">runs-since-last-object-update<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">runs-since-last-full-sync<\/span><span style=\"color: #0000ff\">&gt;&lt;\/<\/span><span style=\"color: #800000\">runs-since-last-full-sync<\/span><span style=\"color: #0000ff\">&gt;<\/span>    \n <span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">synchronizer-state<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">doc<\/span><span style=\"color: #0000ff\">&gt;<\/span><\/pre>\n<\/div>\n<p>&#160;<\/p>\n<p>Now you can install this configuration into ADAM, and sync the corelan.be account domain to the ADAM instance :<\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; border-bottom-style: none\"><p>C:\\WINDOWS\\adam<span style=\"color: #0000ff\">&gt;<\/span><strong><font color=\"#0000a0\">adamsync.exe \/install localhost C:\\Windows\\ADAM\\corelan\\MS-AdamSyncConfCorelan.XML _<\/font><\/strong><\/p><p><strong><font color=\"#0000a0\"> \/passprompt\n<\/font><\/strong>Please enter password:\nDone.<\/p><\/pre>\n<\/div>\n<p>Enter 
the password of the user account that is specified in the .xml configuration file. Make sure to specify the password correctly, because even if you enter a wrong password, the process will still complete with the &quot;Done.&quot; message and will not indicate that there is a problem.<\/p>\n<p>Now sync the corelan.be AD domain to ADAM using the following command :<\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; border-bottom-style: none\">C:\\WINDOWS\\adam<span style=\"color: #0000ff\">&gt;<\/span><strong><font color=\"#0000a0\">adamsync \/sync localhost &quot;dc=combined,dc=com&quot; \/log c:\\windows\\adam\\Logs\\synclog.txt<\/font><\/strong><\/pre>\n<\/div>\n<p>Depending on the size of the source AD (account domain), this may take a while.&#160; When the process has completed, open the log file and verify that it finished successfully. 
<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image48.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"230\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb46.png\" width=\"405\" border=\"0\" \/><\/a> <\/p>\n<p>If you now use ADAM-adsiedit, you should see the AD structure (or at least the OU structure that contains user objects) and user accounts of the source AD domain in the ADAM instance.<\/p>\n<h5>Set up ADAMSync for corelantest.be<\/h5>\n<p>Create a unique xml configuration file for the corelantest.be domain and run the adamsync tool with \/install and \/sync parameters to sync this domain as well.<\/p>\n<p>The top part of the xml file should look something like this :<\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; border-bottom-style: none\"><span style=\"color: #0000ff\">&lt;?<\/span><span style=\"color: #800000\">xml<\/span> <span style=\"color: #ff0000\">version<\/span><span style=\"color: #0000ff\">=&quot;1.0&quot;<\/span>?<span style=\"color: #0000ff\">&gt;<\/span>\n<span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">doc<\/span><span style=\"color: #0000ff\">&gt;<\/span>    \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">configuration<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">description<\/span><span style=\"color: #0000ff\">&gt;<\/span>sample Adamsync configuration file<span style=\"color: #0000ff\">&lt;\/<\/span><span 
style=\"color: #800000\">description<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">security-mode<\/span><span style=\"color: #0000ff\">&gt;<\/span>object<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">security-mode<\/span><span style=\"color: #0000ff\">&gt;<\/span>            \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">source-ad-name<\/span><span style=\"color: #0000ff\">&gt;<\/span>corelantest.be<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">source-ad-name<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">source-ad-partition<\/span><span style=\"color: #0000ff\">&gt;<\/span>dc=corelantest,dc=be<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">source-ad-partition<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">source-ad-account<\/span><span style=\"color: #0000ff\">&gt;<\/span>CorelantestAdminAccount<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">source-ad-account<\/span><span style=\"color: #0000ff\">&gt;<\/span>                \n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">account-domain<\/span><span style=\"color: #0000ff\">&gt;<\/span>corelantest.be<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">account-domain<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n  <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">target-dn<\/span><span style=\"color: #0000ff\">&gt;<\/span>dc=combined,dc=com<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">target-dn<\/span><span style=\"color: #0000ff\">&gt;<\/span>        \n  <span style=\"color: #0000ff\">&lt;<\/span><span 
style=\"color: #800000\">query<\/span><span style=\"color: #0000ff\">&gt;<\/span>            \n   <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">base-dn<\/span><span style=\"color: #0000ff\">&gt;<\/span>dc=corelantest,dc=be<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">base-dn<\/span><span style=\"color: #0000ff\">&gt;<\/span>\n   <span style=\"color: #0000ff\">&lt;<\/span><span style=\"color: #800000\">object-filter<\/span><span style=\"color: #0000ff\">&gt;<\/span>(objectCategory=person)<span style=\"color: #0000ff\">&lt;\/<\/span><span style=\"color: #800000\">object-filter<\/span><span style=\"color: #0000ff\">&gt;<\/span><\/pre>\n<\/div>\n<p>etc... (don't forget to put in the attribute exclusions as shown in the config file from corelan.be)<\/p>\n<p>Next, install the config file and then run the sync<\/p>\n<div>\n<pre style=\"padding-right: 0px; padding-left: 0px; font-size: 8pt; padding-bottom: 0px; margin: 0em; overflow: visible; width: 100%; color: black; border-top-style: none; line-height: 12pt; padding-top: 0px; font-family: consolas, &#39;Courier New&#39;, courier, monospace; border-right-style: none; border-left-style: none; background-color: #f4f4f4; border-bottom-style: none\"><p>C:\\WINDOWS\\adam<span style=\"color: #0000ff\">&gt;<\/span><strong><font color=\"#0000a0\">adamsync.exe \/install localhost _ <\/font><\/strong><\/p><p><strong><font color=\"#0000a0\">C:\\Windows\\ADAM\\corelantest\\MS-AdamSyncConfCorelantest.XML _ <\/font><\/strong><\/p><p><strong><font color=\"#0000a0\">\/passprompt\n<\/font><\/strong>Please enter password:\nDone.\n\nC:\\WINDOWS\\adam<span style=\"color: #0000ff\">&gt;<\/span><strong><font color=\"#0000a0\">adamsync \/sync localhost &quot;dc=combined,dc=com&quot; _ <\/font><\/strong><\/p><p><strong><font color=\"#0000a0\">\/log c:\\windows\\adam\\Logs\\synclogCorelantest.txt<\/font><\/strong><\/p><\/pre>\n<\/div>\n<p>Review the log file &amp; look for 
errors<\/p>\n<p><a href=\"\/wp-content\/uploads\/2008\/09\/image49.png\"><img loading=\"lazy\" decoding=\"async\" style=\"border-top-width: 0px; border-left-width: 0px; border-bottom-width: 0px; border-right-width: 0px\" height=\"201\" alt=\"image\" src=\"\/wp-content\/uploads\/2008\/09\/image-thumb47.png\" width=\"385\" border=\"0\" \/><\/a> <\/p>\n<p>That's it<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Keywords : ldap authentication multiple domains combine adam adamsync adschemaanalyzer ldap proxy chain ldifde MS-ADAMSyncconf.xml MS-AdamSyncMetadata.ldf MS-ADAMSchemaW2K3.ldf Object Violation Naming Violation Ldap error occured. ldap_add_sW: Object Class Violation. Case definition : 2 AD domains, containing user accounts. One of the domains is a 2003 based domain and has the R2 + Exchange 2003 + Exchange &hellip; <a href=\"https:\/\/www.corelan.be\/index.php\/2008\/08\/03\/merging-syncing-multiple-active-directory-databases-into-one-adam-instance\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> \"Merging &amp; Syncing multiple Active Directory databases into one ADAM 
instance\"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[31,26],"tags":[32],"class_list":["post-839","post","type-post","status-publish","format-standard","hentry","category-active-directory","category-windows-server","tag-active-directory"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Merging &amp; Syncing multiple Active Directory databases into one ADAM instance - Corelan | Exploit Development &amp; Vulnerability Research<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.corelan.be\/index.php\/2008\/08\/03\/merging-syncing-multiple-active-directory-databases-into-one-adam-instance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Merging &amp; Syncing multiple Active Directory databases into one ADAM instance - Corelan | Exploit Development &amp; Vulnerability Research\" \/>\n<meta property=\"og:description\" content=\"Keywords : ldap authentication multiple domains combine adam adamsync adschemaanalyzer ldap proxy chain ldifde MS-ADAMSyncconf.xml MS-AdamSyncMetadata.ldf MS-ADAMSchemaW2K3.ldf Object 
Violation Naming Violation Ldap error occured. ldap_add_sW: Object Class Violation. Case definition : 2 AD domains, containing user accounts. One of the domains is a 2003 based domain and has the R2 + Exchange 2003 + Exchange &hellip; Continue reading &quot;Merging &amp; Syncing multiple Active Directory databases into one ADAM instance&quot;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.corelan.be\/index.php\/2008\/08\/03\/merging-syncing-multiple-active-directory-databases-into-one-adam-instance\/\" \/>\n<meta property=\"og:site_name\" content=\"Corelan | Exploit Development &amp; Vulnerability Research\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/corelanconsulting\" \/>\n<meta property=\"article:published_time\" content=\"2008-08-03T12:41:51+00:00\" \/>\n<meta name=\"author\" content=\"corelanc0d3r\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@corelanc0d3r\" \/>\n<meta name=\"twitter:site\" content=\"@corelanc0d3r\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"TechArticle\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2008\\\/08\\\/03\\\/merging-syncing-multiple-active-directory-databases-into-one-adam-instance\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2008\\\/08\\\/03\\\/merging-syncing-multiple-active-directory-databases-into-one-adam-instance\\\/\"},\"author\":{\"name\":\"corelanc0d3r\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\"},\"headline\":\"Merging &amp; Syncing multiple Active Directory databases into one ADAM 
instance\",\"datePublished\":\"2008-08-03T12:41:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2008\\\/08\\\/03\\\/merging-syncing-multiple-active-directory-databases-into-one-adam-instance\\\/\"},\"wordCount\":2288,\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"keywords\":[\"Active Directory\"],\"articleSection\":[\"Active Directory\",\"Windows Server\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2008\\\/08\\\/03\\\/merging-syncing-multiple-active-directory-databases-into-one-adam-instance\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2008\\\/08\\\/03\\\/merging-syncing-multiple-active-directory-databases-into-one-adam-instance\\\/\",\"name\":\"Merging &amp; Syncing multiple Active Directory databases into one ADAM instance - Corelan | Exploit Development &amp; Vulnerability Research\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\"},\"datePublished\":\"2008-08-03T12:41:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2008\\\/08\\\/03\\\/merging-syncing-multiple-active-directory-databases-into-one-adam-instance\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2008\\\/08\\\/03\\\/merging-syncing-multiple-active-directory-databases-into-one-adam-instance\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2008\\\/08\\\/03\\\/merging-syncing-multiple-active-directory-databases-into-one-adam-instance\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.corelan.be\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Merging &amp; Syncing multiple Active Directory databases into one ADAM 
instance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"name\":\"Corelan CyberSecurity Research\",\"description\":\"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.corelan.be\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\",\"name\":\"Corelan CyberSecurity Research\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"contentUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"width\":200,\"height\":200,\"caption\":\"Corelan CyberSecurity 
Research\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/corelanconsulting\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\",\"https:\\\/\\\/x.com\\\/corelanconsulting\",\"https:\\\/\\\/instagram.com\\\/corelanconsult\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\",\"name\":\"corelanc0d3r\",\"pronouns\":\"he\\\/him\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"caption\":\"corelanc0d3r\"},\"description\":\"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.\",\"sameAs\":[\"https:\\\/\\\/www.corelan-training.com\",\"https:\\\/\\\/instagram.com\\\/corelanc0d3r\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/petervaneeckhoutte\\\/\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\"],\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/author\\\/admin0\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","views":14345,"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/comments?post=839"}],"version-history":[{"count":0,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/839\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/media?parent=839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/categories?post=839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/tags?post=839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}