The schema is generated based on the dynamic discovery of the
data source by the management agent. When you refresh the schema
for this management agent, the connected data source schema is
rediscovered, the current management agent schema is updated, and
then Management Agent Designer starts. In Management Agent
Designer, you can correct any inconsistencies introduced by the
updated schema, such as deleted object types or deleted
If you want to synchronize with Sun ONE Directory
Server 4.12 or 4.13 and you use the distinguished name (also
known as DN) for the anchor attribute, Microsoft Identity Integration Server 2003 cannot support rename operations.
If you upgrade your Netscape Directory Server 4.1 to
version 5.0 or greater, it is recommended that you use the
following procedure to synchronize with Microsoft Identity Integration Server 2003:
Upgrade your Netscape Directory Server.
Create a new management agent for Sun and Netscape directory
Configure your join rules for the new management agent so that
the objects on the upgraded server join to the existing metaverse
Run a full import of the new management agent.
Remove the old management agent for the 4.1 server.
If changelog is not enabled on Sun ONE Directory Server,
Microsoft Identity Integration Server 2003 cannot support delta
The management agent for Sun and Netscape directory servers
does not automatically detect changes made to the configuration of
the Sun or Netscape directory server, such as enabling or disabling
changelog. If you change the configuration of the Sun or Netscape
directory server, you must refresh the management agent by using
the Refresh button on the Configure Naming Context
page of the management agent. For more information, see Configure naming contexts.
During rename and move operations, Microsoft Identity Integration Server 2003 first creates the new object and then deletes
the old object. If you stop an export from Microsoft Identity Integration Server 2003 that is in progress and that contains renamed
or moved objects, both the objects and their copies might be left
on the Sun ONE Directory Server 5.0 or 5.1 server.
If the management agent for Sun and Netscape directory servers
is requested to rename or move an object, but not change the
uuid, and the uuid uniqueness plug-in is enabled on
the Sun ONE Directory Server 5.0 or 5.1 server, then the
rename or move operation fails. Disable the uuid uniqueness
When you rename or move an object, all references to that
object on the Sun ONE Directory Server 5.0 or 5.1 server that
have their referential integrity managed by the Sun ONE Directory
Server 5.0 or 5.1 server (that is, a valid intrapartition
distinguished name attribute with the referential integrity
plug-in enabled) are removed (that is, a renamed or moved user
object is removed from all groups).
When running a delta synchronization to a Netscape Directory
Server 6.11, particularly when using slower hardware, a
delete-add operation might not be processed in order, resulting in
the object being deleted. In this case, the object can be restored
by running a full import.
If you have an object on a Sun ONE Directory Server 5.2
server with a multi-value attribute that has more than 7 values,
and if you delete several of those values through an Export
Attribute Flow operation, then the Sun ONE Directory Server might
delete the remaining values. Running a full import and export
restores the missing attribute values.
If another Lightweight Directory Access Protocol (LDAP) call is
made to a Sun ONE Directory Server 5.0 or 5.1 server before it
is able to finish the first operation, Referential Integrity
Post-Operations might fail. Run the Referential Integrity plug-in
with a delay of one second. This logs the changes in a file, runs
the referential integrity on only one thread, and checks changes
sequentially. For more information about how to configure your
server, see your Sun ONE Directory Server 5.1
The Sun and Netscape directory servers management agent has a
default timeout value for run profiles of 30 seconds.
When you update a Sun and Netscape directory server management
agent, the management agent configuration file must be from the
same Sun ONE Directory Server version.
This management agent supports password management. For more information, see Related Topics.