{"id":2134,"date":"2010-09-29T11:01:08","date_gmt":"2010-09-29T15:01:08","guid":{"rendered":"http:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/"},"modified":"2010-09-29T11:01:08","modified_gmt":"2010-09-29T15:01:08","slug":"oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed","status":"publish","type":"post","link":"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/","title":{"rendered":"OID &#8211; AD Integration : Import from AD to OID : DirSync V\/S USN-Changed"},"content":{"rendered":"<p>If you are planning to integrate <strong>OID <\/strong>(Directory Service from Oracle) with <strong>Active Directory<\/strong> (from Microsoft ) and importing user\/group from Active Directory (AD) to Oracle Internet Directory (OID) then\u00a0you can use <strong>one of two approaches<\/strong> (<strong>USNChanged<\/strong> or <strong>DirSync<\/strong>) to poll changes in Microsoft Active Directory.<\/p>\n<p>This post covers overview of capturing changes in Microsoft Active Directory using these two methods (<strong>USNChanged<\/strong> or <strong>DirSync<\/strong>)\u00a0and compare these two options.<\/p>\n<ul>\n<li><strong>USNChanged Approach<\/strong> &#8211; uses an attribute of entry to track changes in Microsoft active Directory<\/li>\n<li><strong>DirSync Approach<\/strong>&#8211; uses LDAP control to track changes in Microsoft Active Directory<\/li>\n<\/ul>\n<p>.<\/p>\n<p><strong><u>Privileges Request for user importing changes from AD<\/u><\/strong><\/p>\n<p><strong>A) USNChanged Approach<\/strong> (more commonly used) : Using this approach requires a user in AD<\/p>\n<p><strong>1.<\/strong> With <strong>List<\/strong> and <strong>Read<\/strong> permissions for every AD container that is in domain mapping rules.<br \/>\n<strong>2.<\/strong>With permissions to <strong>Read<\/strong> and <strong>List<\/strong> the Active Directory deleted objects container. (Use <strong>DSACLS.exe<\/strong> tool on AD to give read permission for deleted objects to a user)<br \/>\n<font color=\"#ff0000\">Note : Deleted Objects are also called as tombstone entries.<\/font><\/p>\n<p>.<\/p>\n<p><font color=\"#000000\"><strong>B) DirSync Approach<\/strong> : Using this approach requires a user in AD<\/font><\/p>\n<p><font color=\"#000000\"><strong>1.<\/strong> With <strong>Replicating Directory Changes<\/strong> permission for every domain that is in domain mapping rules. <\/font><\/p>\n<p><font color=\"#ff0000\"><font color=\"#ff0000\">Note : With DirSync method it is not necessary to grant the user read permissions for the Active Directory deleted objects container in order to synchronize user deletes. This is because all changes made to an Active Directory partition are returned from a DirSync control search; access to object data is unrestricted.<\/font><\/font><font color=\"#ff0000\"><font color=\"#ff0000\">.<\/font><\/p>\n<p><\/font><strong><u>Things good to know<\/u><\/strong><\/p>\n<p><strong>1.<\/strong> When you install DIP\/OID 11g, it creates two default profiles for import: <strong>ActiveImport<\/strong> (using DirSync) and <strong>ActiveChgImp<\/strong> (using <strong>USNChanged<\/strong> )<\/p>\n<p><strong>2.<\/strong> When you use <strong>ExpressSyncSetup<\/strong> (<font color=\"#ff0000\">utility in OID 11g to configure basic sync profiles quickly which creates two profile, one for import and another for export<\/font>) it creates Import synchronization profile (<strong>ActiveChgImp<\/strong>) based on <strong>USNChanged<\/strong> approach.<\/p>\n<p><strong>3.<\/strong> USNChanged approach (ActiveChgImp) is usually preferred over DirSync approach (ActiveImport)<\/p>\n<p><strong>4.<\/strong> As per <a target=\"_blank\" href=\"http:\/\/support.microsoft.com\/kb\/891995\">Microsoft Support<\/a><\/p>\n<p><em>There are <strong>two benefits with using the uSNChanged<\/strong> attribute to poll for Active Directory object changes. The first benefit is that an uSNChanged attribute value search can be confined to a specific area of Active Directory. For example, unlike the DirSync control, object change searches can be limited to a specific subtree in the directory.<\/em><\/p>\n<p><em>The second benefit is that you do not have to configure special user account permissions or group permissions for the program. The program only requires List and Read permissions for every container and leaf object in the subtree that is searched. <\/em><\/p>\n<p>.\u00a0<\/p>\n<p><strong><u>Comparing USNChanged V\/S DirSync<br \/>\n<\/u><\/strong><br \/>\n<strong>a. Synchronization Scope<\/strong> : USNChanged enables synchronization of changes in any specific subtree.\u00a0 DirSync reads all then changes\u00a0in the directory, filters out changes to the required entries, and propagates them to OID.<\/p>\n<p><strong>b. Multiple Domains in AD<\/strong> : USNChanged can obtain changes made to multiple domains by connecting to Global Catalog. DirSync requires separate connections (multiple profiles) to different domain controllers.<\/p>\n<p><strong>c. Synchronization point tracking<\/strong> : USNChanged uses attribute to track synchronization point where as DirSync uses cookie that identifies state of Directory.<\/p>\n<p><strong>d. Search Result<\/strong> : In USNChanged approach all attributes of changed entry are retrieved and compared with value stored in OID and updated where as in DirSync approach, changes consists of only changed attribute and new values.<\/p>\n<p><strong>e) Error handling<\/strong> : For USNChanged approach if synchronization stops because of errors, next synchronization cycle starts from entry where synchronization was interrupted. For DisSync approach if synchronization stops because of errors, in next synchronization cycle all changes that are already applied are read and skipped.<\/p>\n<p>.<br \/>\n<strong><u>References\/Related<\/u><\/strong><\/p>\n<ul>\n<li>267153.1 Quick Start Setup for Active Dir<\/li>\n<li>464608.1\u00a0 How To Use A Non Administrator User For Connected Directory Account When Synchronizing AD &#8211; OID<\/li>\n<li><a target=\"_blank\" href=\"http:\/\/support.microsoft.com\/kb\/891995\">http:\/\/support.microsoft.com\/kb\/891995<\/a><\/li>\n<li><a target=\"_blank\" href=\"http:\/\/support.microsoft.com\/kb\/892806\">http:\/\/support.microsoft.com\/kb\/892806<\/a><\/li>\n<li><a target=\"_blank\" href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/ms677627(VS.85).aspx\">http:\/\/msdn.microsoft.com\/en-us\/library\/ms677627(VS.85).aspx<\/a><\/li>\n<li><a target=\"_blank\" href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/ms677626(VS.85).aspx\">http:\/\/msdn.microsoft.com\/en-us\/library\/ms677626(VS.85).aspx<\/a><\/li>\n<li><a target=\"_blank\" href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/ms677625(VS.85).aspx\">http:\/\/msdn.microsoft.com\/en-us\/library\/ms677625(VS.85).aspx<\/a><\/li>\n<\/ul>\n<p><strong><u><font color=\"#ff0000\">Question for Readers<br \/>\n<\/font><\/u><\/strong><br \/>\n<strong>How to check if you are using DirSync or USNChanged for AD to OID import ?<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you are planning to integrate OID (Directory Service from Oracle) with Active Directory (from Microsoft ) and importing user\/group [&hellip;]<\/p>\n","protected":false},"author":115,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2134","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>OID - AD Integration : Import from AD to OID : DirSync V\/S USN-Changed -<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OID - AD Integration : Import from AD to OID : DirSync V\/S USN-Changed -\" \/>\n<meta property=\"og:description\" content=\"If you are planning to integrate OID (Directory Service from Oracle) with Active Directory (from Microsoft ) and importing user\/group [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/\" \/>\n<meta property=\"article:published_time\" content=\"2010-09-29T15:01:08+00:00\" \/>\n<meta name=\"author\" content=\"Masroof Ahmad\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Masroof Ahmad\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/\",\"url\":\"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/\",\"name\":\"OID - AD Integration : Import from AD to OID : DirSync V\/S USN-Changed -\",\"isPartOf\":{\"@id\":\"https:\/\/onlineappsdba.com\/#website\"},\"datePublished\":\"2010-09-29T15:01:08+00:00\",\"author\":{\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb\"},\"breadcrumb\":{\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/onlineappsdba.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OID &#8211; AD Integration : Import from AD to OID : DirSync V\/S USN-Changed\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/onlineappsdba.com\/#website\",\"url\":\"https:\/\/onlineappsdba.com\/\",\"name\":\"\",\"description\":\"Oracle Implementation &amp; Training Experts\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/onlineappsdba.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb\",\"name\":\"Masroof Ahmad\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g\",\"caption\":\"Masroof Ahmad\"},\"url\":\"https:\/\/onlineappsdba.com\/index.php\/author\/masroof\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"OID - AD Integration : Import from AD to OID : DirSync V\/S USN-Changed -","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/","og_locale":"en_US","og_type":"article","og_title":"OID - AD Integration : Import from AD to OID : DirSync V\/S USN-Changed -","og_description":"If you are planning to integrate OID (Directory Service from Oracle) with Active Directory (from Microsoft ) and importing user\/group [&hellip;]","og_url":"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/","article_published_time":"2010-09-29T15:01:08+00:00","author":"Masroof Ahmad","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Masroof Ahmad","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/","url":"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/","name":"OID - AD Integration : Import from AD to OID : DirSync V\/S USN-Changed -","isPartOf":{"@id":"https:\/\/onlineappsdba.com\/#website"},"datePublished":"2010-09-29T15:01:08+00:00","author":{"@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb"},"breadcrumb":{"@id":"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/onlineappsdba.com\/index.php\/2010\/09\/29\/oid-ad-integration-import-from-ad-to-oid-dirsync-vs-usn-changed\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/onlineappsdba.com\/"},{"@type":"ListItem","position":2,"name":"OID &#8211; AD Integration : Import from AD to OID : DirSync V\/S USN-Changed"}]},{"@type":"WebSite","@id":"https:\/\/onlineappsdba.com\/#website","url":"https:\/\/onlineappsdba.com\/","name":"","description":"Oracle Implementation &amp; Training Experts","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/onlineappsdba.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb","name":"Masroof Ahmad","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g","caption":"Masroof Ahmad"},"url":"https:\/\/onlineappsdba.com\/index.php\/author\/masroof\/"}]}},"_links":{"self":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts\/2134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/users\/115"}],"replies":[{"embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/comments?post=2134"}],"version-history":[{"count":0,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts\/2134\/revisions"}],"wp:attachment":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/media?parent=2134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/categories?post=2134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/tags?post=2134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}