Designing Windows SyncChapter 7 Designing Synchronization 147Password Sync must be installed on both Active Directory and NT4 Server in orderto transfer any password changes made on the Windows server. The LDAP Servicemust be installed on a Windows NT4 Server for entries to be added and modifiedover LDAP. (The native language for NT4 Server is NTLM.)Both the Password Sync and the NT4 LDAP Services must be installed on aprimary domain controller (PDC) if those services are necessary on an NT4 Server.Undefined sync behavior will occur of these are not installed on a PDC.Considering a Data MasterThe data master is the server that is the master source of data. Consider whichserver will be the data master when your data resides in two different directoryservices and decide what amount of that information will be shared. The bestcourse is to choose a single directory service to master the data and allow thesynchronization process to add, update, or delete the entries on the other service.How you maintain master copies of your data depends on your specific needs.However, regardless of how you maintain data masters, keep it simple andconsistent. For example, you should not attempt to master data in multiple sites,then automatically exchange data between competing applications. Doing so leadsto a "last change wins" scenario and increases your administrative overhead.Interaction with a Replicated EnvironmentSynchronization links a Directory Server suffix and subtree (e.g.,ou=People,dc=example,dc=com) to a corresponding Windows domain andsubtree (cn=Users,dc=test,dc=com). Each subtree can be synchronized only toone other subtree to avoid naming conflicts and change conflicts.To take advantage of Windows Sync, use it with a Directory Server supplier inmulti-master replication synched to a member of a Windows domain (a PDC forNT4 synchronization). This will propagate changes through both directory systemswhile keeping the information centralized and easy to maintain. It also makes iteasier to master the data. Figure 7-3 shows this arrangement:
