In our previous ADAMSync runs we synchronized all attributes except those in the <exclude> tags. This is probably ok for our tinkering, but in a real scenario, you might want to consider picking those you want instead of getting everything but those you say not to.Why? Well, consider the costs. If you synchronize everything, you’re paying the costs for all of those attributes (cost for lookup in AD, shipping them over the wire, writing them in to ADAM, storage in ADAM, etc.). If you only synchronize what you need you save on those costs while still servicing what you need in your application. And of course, you can always change your mind later. :)The one tricky thing about this operation is picking the attributes you need. Consider that for some set of classes you’re creating, there is a minimum set of attributes that each class will require in order to be created properly. Should you miss some of them, you will get errors such as this one:
Processing Entry: Page 2, Frame 1, Entry 65, Count 1, USN 0Processing source entry <guid=09e91eb3653f004fb8f8350d6ef2d577>Processing in-scope entry 09e91eb3653f004fb8f8350d6ef2d577.Adding target object CN=Domain System Volume (SYSVOL share),CN=NTFRS Subscriptions,CN=EFLEIS-DF2,OU=Domain Controllers,ou=SyncTargetOU.Adding attributes: sourceobjectguid, objectClass, instanceType, lastagedchange,Ldap error occured. ldap_add_sW: Object Class Violation.Extended Info: 0000207C: UpdErr: DSID-0315116B, problem 6002 (OBJ_CLASS_VIOLATION), data 0
C:\>err 207C# for hex 0x207c / decimal 8316 : ERROR_DS_MISSING_REQUIRED_ATT winerror.h# A required attribute is missing.
<attributes> <include></include> <exclude>extensionName</exclude> <exclude>displayNamePrintable</exclude> <exclude>flags</exclude> <exclude>isPrivelegeHolder</exclude> <exclude>msCom-UserLink</exclude> <exclude>msCom-PartitionSetLink</exclude> <exclude>reports</exclude> <exclude>serviceprincipalname</exclude> <exclude>accountExpires</exclude> <exclude>adminCount</exclude> <exclude>primarygroupid</exclude> <exclude>userAccountControl</exclude> <exclude>codePage</exclude> <exclude>countryCode</exclude> <exclude>logonhours</exclude> <exclude>lockoutTime</exclude> </attributes>
<attributes> <include>description</include> <include>frsstagingpath</include> <include>fRSRootPath</include> <include>sourceObjectGuid</include> <include>lastAgedChange</include> <exclude></exclude> </attributes>
Finished (successful) synchronization run.Number of entries processed via dirSync: 169Number of entries processed via ldap: 3Processing took 10 seconds (0, 1085404416).Number of object additions: 168Number of object modifications: 4Number of object deletions: 0Number of object renames: 3Number of references processed / dropped: 0, 0Maximum number of attributes seen on a single object: 6Maximum number of values retrieved via range syntax: 0