A new Active Directory synchronization task has been configured using the default ActiveDirectorySynchronization.vbs script via the SafeGuard Enterprise Task Scheduler. An additional manual Active Directory synchronization - selecting different objects during the import - was performed after the task has been created.
What is the exact Active Directory structure now being maintained/ synchronized by the Safeguard Enterprise Task Scheduler's Active Directory synchronization?
First seen in
SafeGuard Management Center / Local Policy Editor 5.60.0
What To Do
The default Active Directory synchronization script that comes with the SafeGuard Enterprise Task Scheduler uses an API function called ‘
SynchronizeImportedContainers’. This function specifies the follow:
- “After you have imported a directory structure into the SafeGuard Enterprise Database, you can use this method to synchronize all existing containers with the SafeGuard Enterprise Database. This method does not add new containers.”
This means that a container (i.e. an Active Directory Organizational Unit) that has been added to the SafeGuard Enterprise Database once will always be maintained by the default Active Directory synchronization script, as long as it stays imported – regardless if it is being ticked during another manual import process or not.
If the Security Officer is required to split up the synchronization into multiple tasks, using the Task Scheduler script "ActiveDirectorySynchronization.vbs" (or the API call
SynchronizeImportedContainers) is not a good choice, it would be better to create dedicated synchronization scripts* that import a fixed object tree from Active Directory.
*Please note that there is an example script located in the SafeGuard Enterprise install sources folder under 'API sample scripts\Synchronize.vbs'.