MsDS-sourceanchor

  • 773 Views
  • Last Post 15 December 2016
Parzival posted this 15 December 2016

Hi everyone

In server 2012r2 and 2016 there is a new attribute in AD called msDS-SourceAnchor. According to MSDN to be used in combination with DirSync.

I was wondering if someone could tell me more about this attribute and what the idea was behind filling it. Reason being the possibly required update on my blog posts for using msDS-consistencyGuid as the source for generating the Base64 ImmutableID

Will the new attribute be filled by AdConnect directly from the Base64 objectGuid? Or will it be filled by a return rule from AAD's immutableID into AD? Or is this all not known yet and is it just added for very far away future use?

To summarize I want to know what the authoritative attribute will be for generating the immutableID with this new attribute available.

Roelf
Sent from my phoneForum info: http://www.activedir.org
Problems unsubscribing? Email admin@xxxxxxxxxxxxxxxx

Order By: Standard | Newest | Votes
kebabfest posted this 15 December 2016

I think this is the attribute that the adconnect (adsync) use to uniquely identity which attribute is used to sync users  e.g  in an environment the source anchor could be Sam account name\userguid\email address etc.




show

kebabfest posted this 15 December 2016

Forget that last message from me.... I will put the bins out.




show

ZJORZ posted this 15 December 2016

Hi, The page https://msdn.microsoft.com/en-us/library/mt242356.aspx mentionsmsDS-SourceAnchor: These new attributes are used to identify the source of authority of an object and define a unique, immutable identifier for the object in the authoritative directory. By the way, that attribute is new in Windows Server 2016, not in Windows Server 2012 R2 Although it looks like it, it does not specifically mention DirSync of Azure AD Connect and that the target directory is Azure AD. If you use one Immutable ID for a specific target directory (Azure AD), you could also use it for another target directory if applicable (one source to rule them all!) It could be a future version of Azure AD Connect will populate the value for that attribute. I do not know that. Until that time you will have to do it yourself as I for example mention in my blog postshttps://jorgequestforknowledge.wordpress.com/blog-post-series/#Azure-AD-Connect%E2%80%93Identifying-Objects-In-AD-And-In-Azure-AD   Met vriendelijke groeten / Kind regards, Jorge de Almeida PintoMVP Enterprise Mobility And Security | MCP/MCSE/MCITPMVP Profile | Blog | Facebook | Twitter Description: Description: Description: Description: Think Green Hi everyone  In server 2012r2 and 2016 there is a new attribute in AD called msDS-SourceAnchor. According to MSDN to be used in combination with DirSync.  I was wondering if someone could tell me more about this attribute and what the idea was behind filling it. Reason being the possibly required update on my blog posts for using msDS-consistencyGuid as the source for generating the Base64 ImmutableID Will the new attribute be filled by AdConnect directly from the Base64 objectGuid? Or will it be filled by a return rule from AAD's immutableID into AD? Or is this all not known yet and is it just added for very far away future use? To summarize I want to know what the authoritative attribute will be for generating the immutableID with this new attribute available.  RoelfSent from my phoneForum info: http://www.activedir.org Problems unsubscribing? Email admin@xxxxxxxxxxxxxxxx

Close