GALSync: How to Work with More Than One Partition in a Management Agent

OVERVIEW

We have an Active Directory Topology that contains a Root Domain Controller, and several Child Domain Controllers. 

In working with our Identity Management solutions we may have an Active Directory Domain Services Management Agents or an Active Directory Global Address List (GAL) Management Agent.  On the Configure Directory Partitions Tab, you decide/need to select multiple partitions (multiple child domains) that you would like to pull objects from to bring to the synchronization service engine, in the Select Directory Partitions section.

Here is a check list of things that we need to do in order to get to the data in each of the partitions.

1. We need to ensure that we have the proper containers selected for each partition
2. We need to ensure that we have set the Import and Synchronization run profiles to pull from the multiple partitions.

Once we have done the above steps, then we should be ready to pull the data into the Synchronization Service Engine.

SELECTING THE CONTAINERS FOR EACH PARTITION

1. On the Configure Directory Partitions Tab, select the first partition that we will be utilizing in your solution. 
2. With that partition selected, click on Containers
3. Deselect the top most item
4. Check only the containers that you want in scope with your Identity Management Solution
5. Click Ok
6. In the Directory Partitions area, select the next partition that we will be utilizing in your solution.
7. Repeat steps 2-5 to select the containers
8. If we have more than 2 partitions selected, simply repeat steps 6 and 7 until all partitions have the containers selected for the solution.
9. Once we have completed the above, you will either continue forward in creating the management agent, or click the ok button to save the management agent properties.
10. In the Synchronization Service Manager Console, select Management Agents
11. With the Management Agent that has multiple partitions selected, select Configure Run Profiles from the Actions menu.

UPDATE THE RUN PROFILES

*NOTE* I am going to walk through creating a new run profile with multiple steps for the partitions.  If you are familiar with editing an existing run profile, or can follow along to edit, that will be fine as well.

1. Create a new run profile by clicking the New Profile button
   1. Name: Full Import (Stage Only)
2. Click the Next button
   1. Type: Select Full Import (Stage Only)
3. Click the Next button
4. Leave the default partition for the first item.  When going through these steps again, choose the next partition in the drop down list.
5. Click the Finish button
6. Click the New Step button (just above the Ok button)
7. Repeat steps 4a through 7 until you have a step for each partition
8. Notice that we have multiple steps here for the Full Import (Stage Only).
9. Now repeat steps 3 through 9 for the following run profiles:
   1. Full Synchronization
   2. Delta Import (Stage Only)
   3. Delta Synchronization
10. Once we have completed that, then we are set to execute our runs.

IDENTITY MANAGEMENT RESOURCE WIKI PAGES

• Current Forefront Identity Manager Resources: http://social.technet.microsoft.com/wiki/contents/articles/forefront-identity-manager-resources.aspx  
• Current Certificate Lifecycle Manager Resources: http://social.technet.microsoft.com/wiki/contents/articles/current-certificate-lifecycle-manager-resources.aspx 
• Current GalSync Resources: http://social.technet.microsoft.com/wiki/contents/articles/1726.global-address-list-synchronization-galsync-resources.aspx  
• Current PCNS – Password Synchronization Resources: http://social.technet.microsoft.com/wiki/contents/articles/2762.pcns-password-synchronization-resource-wiki.aspx 
• Extension-DLL-Exception Resources: http://social.technet.microsoft.com/wiki/contents/articles/7515.sync-extension-dll-exception.aspx