AD Connector Sync? One-way or Two-Way?

  • Question

  • I need to know if the AD Connector is one-way or two-way. After each sync, all the attributes changed by the SCSM console are lost.

     

    Best regards.

    Tuesday, July 27, 2010 7:43 PM

Answers

  • Hi, it is one way, from AD to Service Manager. Patrik and I have a post that explains how it works at http://contoso.se/blog/?p=1504
    Anders Bengtsson | Microsoft MVP - Operations Manager | http://www.contoso.se
    • Marked as answer by Angelo Maia Tuesday, July 27, 2010 8:01 PM
    Tuesday, July 27, 2010 7:53 PM
    Answerer
  • The main idea for a one-way-sync between AD and SCSM could be "keep it simple". A two-way-replication can be a very complex mechanic (e.g. conflicts if the same changes are made on 2 different "sources"). So the best/easy way is "change the data at the origin location", in this case in AD. Also security can be an issue: I am not sure if for instance the password of a user is stored in the SCSM CMDB. But this would be needed if you want to change user attributes in the SCSM CMDB and replicate them in the AD.

    You can add different tasks in the SCSM console to change things in the AD. Here is a great example from Anders: Reset Password with Service Manager. So you don't need a different tool to change the password of a user. But the data is still modified in the AD.
    It should be possible to create a task in the SCSM console for some other changes of user attributes like location, description, email, whatever as well. The next sync between AD and SCSM will replicate this in the CMDB of the SCSM again.

     


    Andreas Baumgarten | H&D International Group
    Wednesday, July 28, 2010 7:42 AM
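
The approach described in the answer above (change the attribute in AD and let the next one-way sync carry it into the CMDB), as an added PowerShell example that is not code from the thread or from Service Manager. The parameter names and the allow-list are assumptions; the cmdlets come from the ActiveDirectory module, and how a console task passes the user name to the script is not shown here.

```powershell
# Added example, not from the thread: a hypothetical script a console task could call.
# It edits the user in AD (the origin); the AD Connector then syncs the change to SCSM.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)][string]$Identity,    # sAMAccountName or DN (assumed input)
    [Parameter(Mandatory = $true)][string]$Attribute,   # LDAP attribute name
    [Parameter(Mandatory = $true)][AllowEmptyString()][string]$Value
)

Import-Module ActiveDirectory -ErrorAction Stop

# Allow-list (assumption): only low-risk attributes may be changed from the console.
# The account running the task should be delegated write access to these alone.
$allowed = @('physicalDeliveryOfficeName', 'description', 'mail')
if ($allowed -notcontains $Attribute) {
    throw "Attribute '$Attribute' is not on the allow-list for this task."
}

# Get-ADUser -Identity fails if the user does not exist, so a typo cannot hit another object.
$user = Get-ADUser -Identity $Identity -Properties $Attribute -ErrorAction Stop
$old  = [string]$user.$Attribute   # an unset attribute becomes an empty string

if ($old -eq $Value) {
    Write-Output "No change: $Attribute already has the requested value."
    return
}

# ShouldProcess makes -WhatIf and -Confirm work, so the task can be dry-run first.
if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set $Attribute")) {
    if ([string]::IsNullOrEmpty($Value)) {
        # An empty value means "remove the attribute"; -Replace rejects empty values.
        Set-ADUser -Identity $user -Clear $Attribute -ErrorAction Stop
    }
    else {
        Set-ADUser -Identity $user -Replace @{ $Attribute = $Value } -ErrorAction Stop
    }
    # Emit old and new values so the task output can be kept as an audit record.
    Write-Output ("{0}: {1} '{2}' -> '{3}'" -f $user.SamAccountName, $Attribute, $old, $Value)
}
```

The CMDB will show the old value until the next connector sync runs, because the write goes to AD only.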

All replies

  • Thanks Anders for the quick reply, but I believe that this limitation is ridiculous; the moment of support is a precious moment to update information about a user. Forcing my technicians to leave the SCSM and get another tool to update attributes in AD makes no sense. I hope that is corrected in the future.
    I'm disappointed.

     

    Best regards.

    Wednesday, July 28, 2010 1:41 AM