We're looking to move user enrollment from the generic LDAP connector attached to eDirectory over to the Active Directory connector. The primary reason is that we're currently binding user objects to the user's Distinguished Name, which means any time our admins move a user in eDirectory, which happens often, that binding is invalidated.
In order to do this, I need to script some new bindings for each existing user object in SafeBoot to add the user's objectGUID attribute before turning on the new AD connector and disabling the LDAP connector. If anyone has any existing scripts they can share to speed things along for me, they would be most appreciated. Additionally, any warnings or recommendations from those who've done a connector swap before would be great. We're currently running SafeBoot 5.1.3 (build 5140). Scripts in AutoIt or VBScript would be best, but I can do any necessary rewrites in most any scripting language.
If possible, please reply back here; otherwise, I've enabled receiving emails through the board. Thanks!
Most of the code you need is in the autodomain script, if you have that already. You simply need the AD API script, which is part of autodomain, to read the GUIDs etc., and the createbinding function, also part of ad..
It's probably only 10 lines of code in addition to those modules, as you won't need any UI or error checking. I'm out of the country for a week, otherwise I'd put it here for you.
We thought of doing that but the UID isn't enforced as globally unique, at least here, so there's a chance of duplicates. Unfortunately we have to wait until Identity Manager is fully configured before AD will be ready for this switch.