3.2.1.12.5 Active Directory Synchronization

Synchronization of the property definition from Active Directory to the local machine happens at implementation-defined intervals.<51>

The following sequence of actions occurs during synchronization.

The Resource Property List name contained in ADSyncListName is used to synchronize the property definitions from Active Directory.

  1. The server MUST iterate through each of the Active Directory property definitions in the retrieved resource property list. For each Active Directory property definition found in the resource properties object whose Enabled attribute is set to true, the server MUST perform the following steps in sequence:

    1. If there is a persisted property definition with the same Property Definition.GlobalGUID as the objectGUID of the Active Directory property definition, refer to this as the Relevant Property Definition. Otherwise, the server MUST create a new persisted property definition and add it to the List of Persisted Property Definitions. The new persisted property definition is referred to as the Relevant Property Definition and is initialized as follows:

      1. Set FSRM Base Object.Id to the objectGUID of the Active Directory property definition.

      2. Set Property Definition.Type to FsrmPropertyDefinitionType_Unknown.

      3. Set Property Definition.Name to an empty string.

      4. Set Property Definition.Deprecated to false.

      5. Set Property Definition.Global to true.

      6. Set Property Definition.AppliesTo to Files.

      7. Set Property Definition.Secure to false.

      8. Set Possible values to an empty list.

      9. Set Property Definition.WhenChanged to never.

    2. If whenChanged on the Active Directory property definition is newer than Property Definition.WhenChanged, perform the following steps:

      1. The Property Definition.Type of the Relevant Property Definition is updated with the msDS-ValueTypeReference of the Active Directory property definition:

        1. If msDS-ValueTypeReference is MS-DS-OrderedList, set Property Definition.Type to FsrmPropertyDefinitionType_OrderedList.

        2. If msDS-ValueTypeReference is MS-DS-MultivaluedChoice, set Property Definition.Type to FsrmPropertyDefinitionType_MultiChoiceList.

        3. If msDS-ValueTypeReference is MS-DS-Text, set Property Definition.Type to FsrmPropertyDefinitionType_String.

        4. If msDS-ValueTypeReference is MS-DS-MultivaluedText, set Property Definition.Type to FsrmPropertyDefinitionType_MultiString.

        5. If msDS-ValueTypeReference is MS-DS-Number, set Property Definition.Type to FsrmPropertyDefinitionType_Int.

        6. If msDS-ValueTypeReference is MS-DS-YesNo, set Property Definition.Type to FsrmPropertyDefinitionType_Bool.

        7. If msDS-ValueTypeReference is MS-DS-DateTime, set Property Definition.Type to FsrmPropertyDefinitionType_Date.

      2. If another persisted property definition exists on the server with a Property Definition.Name matching the CN of the Active Directory property definition, the server MUST perform the following steps:

        1. Append the string "(deprecated)" to the name of that persisted property definition.

        2. Set the Property Definition.Deprecated to true for that persisted property definition.

        3. For any Report Job that is part of a Persisted Report Job that includes a filter of type FsrmReportFilter_Property in its Filters whose value is the same as the Property Definition.Name of that persisted property definition, set Report Job.Deprecated to true.

        4. For any Persisted Rule that has a Property Affected whose value is the same as the Property Definition.Name of that persisted property definition, set Rule.Deprecated to true.

        5. For any Persisted File Management Job that has a Property Condition as part of its Conditions whose Property Condition.Name is the same as the Property Definition.Name of that persisted property definition, set Rule.Deprecated to true.

      3. The Property Definition.Name of the Relevant Property Definition is updated with the CN of the Active Directory property definition.

      4. The Property Definition.Display Name of the Relevant Property Definition is updated with the displayName of the Active Directory property definition.

      5. The FSRM Base Object.Description of the Relevant Property Definition is updated with the description of the Active Directory property definition.

      6. If the CN for the matching Property Definition.Name is FolderUsage_MS, the FolderUsage List is also updated so that each value in the msDS-ClaimPossibleValues of the matching Active Directory property definition appears as part of a [FolderUsage_MS=<value>] string in the FolderUsage List. Every item in the FolderUsage List whose <value> does not appear in the msDS-ClaimPossibleValues of the matching Active Directory property definition is removed from the FolderUsage List.

      7. If the msDS-ValueTypeReference of the Active Directory property definition is MS-DS-OrderedList or MS-DS-MultivaluedChoice, the server MUST perform the following steps:

        1. If the msDS-ClaimSharesPossibleValuesWith of the persisted property definition has a value, refer to the msDS-ClaimPossibleValues of the Active Directory property definition whose CN matches the value in msDS-ClaimSharesPossibleValuesWith as the Active Directory possible values for the following steps. Otherwise, msDS-ClaimPossibleValues of the original Active Directory property definition will be referred to as the Active Directory possible values for the following steps.

        2. The persisted property definition is updated with the Active Directory possible values by performing the following steps for each Active Directory possible value item (see section 2.3.5 for details on the format of Active Directory possible values):

          1. Create a new Property Value Definition object and set its properties as follows:

            • Property Value Definition.Name = Value from the Active Directory possible value.

            • Property Value Definition.DisplayName = ValueDisplayName from the Active Directory possible value.

            • Property Value Definition.Description = ValueDescription from the Active Directory possible value.

            • Property Value Definition.UniqueId = ValueGUID from the Active Directory possible value.

          2. Extend the Possible values array by one entry, and set it to the newly created Property Value Definition object.

      8. The AppliesTo of the Relevant Property Definition is updated with the msDS-AppliesToResourceTypes of the Active Directory property definition.

        • If the msDS-AppliesToResourceTypes of the Active Directory property definition contains "Files", the Property Definition.AppliesTo of the Relevant Property Definition MUST be set to Files; if it contains "Folders", the Property Definition.AppliesTo of the Relevant Property Definition MUST be set to Folders. If it contains both, the Property Definition.AppliesTo of the Relevant Property Definition MUST be set to Files and Folders.

      9. The Property Definition.Secure of the Relevant Property Definition is updated with the msDS-IsUsedAsResourceSecurityAttribute of the Active Directory property definition.

  2. If the GlobalGUID of a persisted property definition in the local machine does not match the objectGUID of any Active Directory property definition, the server MUST remove that persisted property definition from the List of Persisted Property Definitions and perform the following steps:

    1. For any Report Job that is part of a Persisted Report Job that includes a filter of type FsrmReportFilter_Property in its Filters whose value is the same as the Property Definition.Name of that persisted property definition, set Report Job.Deprecated to true.

    2. For any Persisted Rule that has a Property Affected whose value is the same as the Property Definition.Name of that persisted property definition, set Rule.Deprecated to true.

    3. For any Persisted File Management Job that has a Property Condition as part of its Conditions whose Property Condition.Name is the same as the Property Definition.Name of that persisted property definition, set Rule.Deprecated to true.

  3. If the Property Definition.GlobalGUID of a persisted property definition is the same as the objectGUID of an Active Directory property definition whose Enabled attribute is set to false, the server MUST remove that persisted property definition from the List of Persisted Property Definitions and perform the following steps:

    1. For any Report Job that is part of a Persisted Report Job that includes a filter of type FsrmReportFilter_Property in its Filters whose value is the same as the Property Definition.Name of that persisted property definition, set Report Job.Deprecated to true.

    2. For any Persisted Rule that has a Property Affected whose value is the same as the Property Definition.Name of that persisted property definition, set Rule.Deprecated to true.

    3. For any Persisted File Management Job that has a Property Condition as part of its Conditions whose Property Condition.Name is the same as the Property Definition.Name of that persisted property definition, set Rule.Deprecated to true.
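
The following added example (not part of the specification) runs steps 1 through 3 over constructed data in Python and returns an audit trail of what a synchronization pass changed; it covers creation, type mapping, name-collision deprecation, the Secure flag and removal, and leaves out possible values, AppliesTo, the FolderUsage List and the deprecation of dependent rules and jobs. The dict layout, the names sync and demo, treating definitions without a GlobalGUID as local ones that steps 2 and 3 do not touch, keeping the current type for an unlisted msDS-ValueTypeReference, and storing whenChanged after an update are assumptions.

```python
from datetime import datetime, timezone
NEVER = datetime.min.replace(tzinfo=timezone.utc)  # stands in for "WhenChanged = never"
TYPE_MAP = {  # msDS-ValueTypeReference -> Property Definition.Type (step 1.2.1)
    "MS-DS-OrderedList": "FsrmPropertyDefinitionType_OrderedList",
    "MS-DS-MultivaluedChoice": "FsrmPropertyDefinitionType_MultiChoiceList",
    "MS-DS-Text": "FsrmPropertyDefinitionType_String",
    "MS-DS-MultivaluedText": "FsrmPropertyDefinitionType_MultiString",
    "MS-DS-Number": "FsrmPropertyDefinitionType_Int",
    "MS-DS-YesNo": "FsrmPropertyDefinitionType_Bool",
    "MS-DS-DateTime": "FsrmPropertyDefinitionType_Date",
}

def sync(persisted, ad_defs):
    """Apply steps 1-3 to `persisted` in place; return an audit trail of changes."""
    events = []
    for ad in (d for d in ad_defs if d["Enabled"]):
        rel = next((p for p in persisted if p["GlobalGUID"] == ad["objectGUID"]), None)
        if rel is None:  # step 1.1: create with the listed defaults
            rel = {"GlobalGUID": ad["objectGUID"], "Name": "", "Deprecated": False,
                   "Type": "FsrmPropertyDefinitionType_Unknown", "Global": True,
                   "AppliesTo": "Files", "Secure": False, "WhenChanged": NEVER}
            persisted.append(rel)
            events.append(("created", ad["objectGUID"]))
        if ad["whenChanged"] <= rel["WhenChanged"]:
            continue  # step 1.2 applies only when Active Directory is newer
        # Assumption: an unlisted value type leaves the current type unchanged.
        rel["Type"] = TYPE_MAP.get(ad["msDS-ValueTypeReference"], rel["Type"])
        for other in persisted:  # step 1.2.2: another definition already uses this name
            if other is not rel and other["Name"] == ad["cn"]:
                other["Name"] += "(deprecated)"
                other["Deprecated"] = True
                events.append(("deprecated", other["Name"]))
        rel["Name"] = ad["cn"]  # step 1.2.3
        rel["Secure"] = ad["msDS-IsUsedAsResourceSecurityAttribute"]  # step 1.2.9
        rel["WhenChanged"] = ad["whenChanged"]  # assumption: record what was applied
    live = {d["objectGUID"] for d in ad_defs if d["Enabled"]}
    for p in [p for p in persisted if p["GlobalGUID"] and p["GlobalGUID"] not in live]:
        persisted.remove(p)  # steps 2 and 3: absent from, or disabled in, Active Directory
        events.append(("removed", p["Name"]))
    return events

def demo():
    """Constructed sample: a local 'Department', a stale global, a disabled global."""
    t = datetime(2024, 1, 1, tzinfo=timezone.utc)
    local = lambda guid, name: {"GlobalGUID": guid, "Name": name, "Deprecated": False,
                                "Type": "FsrmPropertyDefinitionType_String",
                                "Secure": False, "WhenChanged": NEVER}
    persisted = [local(None, "Department"), local("guid-stale", "Stale"), local("guid-off", "Off")]
    ad = lambda guid, cn, on: {"objectGUID": guid, "cn": cn, "Enabled": on, "whenChanged": t,
        "msDS-ValueTypeReference": "MS-DS-Text", "msDS-IsUsedAsResourceSecurityAttribute": on}
    return persisted, sync(persisted, [ad("guid-1", "Department", True), ad("guid-off", "Off", False)])
```

The returned event list is what a reviewer would compare against expected Active Directory changes: a "deprecated" entry means an existing definition was renamed because a synchronized definition took its name.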