When changes have been made to directory objects since a previous export operation, directory access functions can detect these changes by checking each object’s update sequence number (USN). The USN is a counter maintained by the directory on a specific server. It is incremented whenever an object in the directory is changed, and then written into the USN-Changed attribute of the changed object. The USN therefore indicates the order in which a given object was altered relative to other objects in the directory on that server.
The USN-Created attribute is the value of USN-Changed that was assigned to the object at its creation. The USN-Created attribute does not change when the object is modified. The USN-Created attribute can be used in conjunction with USN-Changed to determine whether the object has been created or merely modified since the last export operation. This attribute can also be used to determine whether a deleted object existed at the time of the last export operation, or if it was both created and deleted since the last export operation.
A deleted object remains in the directory for a time in the form of a tombstone (an object with the Is-Deleted attribute set). Tombstones older than a certain age (the default is 30 days) are periodically deleted in a process known as garbage collection. If a directory synchronization program waits longer than the tombstone lifetime between updates, an object may be deleted and its tombstone removed before the directory synchronization program can read it. In this case, the foreign system may not be informed that the object has been deleted from the directory.
However, a directory synchronization process can tell if any deleted objects have been removed by examining the object’s PR_EMS_AB_USN_LAST_OBJ_REM property. If this property is greater than the largest USN exported in the most recent directory synchronization, a deletion has been missed. The DIRSYNC sample application does not check this attribute.
Directory access functions can generate a list of the changed objects by selecting only those objects with a USN greater than the largest USN returned during a previous export. When this list is generated for the first time, it includes all objects in the directory. For more information about USNs, see Selecting Objects to Export and Accessing Directory Attributes with MAPI.
Directory synchronization should be carried out from the same server each time. The USN for an object is server specific — it applies to this object only on this server. The USNs for a single object on different servers are not synchronized and are not likely to be the same. Replicas of objects will probably have different USNs on different servers. When a changed object is replicated to another server, the USN for the object on the second server is updated, but is not likely to be the same as the USN on the first server. For this reason, exports from different servers to the same foreign site would use a different set of USNs and would export incorrect data.
If the server for directory synchronization becomes unavailable, a new server is selected and the entire directory from that server is exported. Subsequent incremental synchronizations are performed from that server, or the same procedure is repeated to enable a new server.
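The selection and classification rules described above, as an added example in C that is not taken from the Exchange SDK or the DIRSYNC sample. The struct, enum, function names and the server name are hypothetical, the sample objects are constructed, and a baseline of 0 stands for "no previous export from this server".

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory view of one object; fields mirror the USN-Changed,
   USN-Created and Is-Deleted attributes. Not a MAPI or DAPI structure. */
typedef struct {
    const char *name;
    unsigned long usn_changed, usn_created;
    int is_deleted;                     /* nonzero for a tombstone */
} dir_object;
typedef enum { UNCHANGED, CREATED, MODIFIED, DELETED, TRANSIENT } change_kind;

/* Classify one object against the largest USN of the previous export. */
change_kind classify(const dir_object *o, unsigned long last_usn)
{
    if (o->usn_changed <= last_usn)
        return UNCHANGED;                       /* already exported */
    if (o->usn_created > last_usn)              /* did not exist at last export */
        return o->is_deleted ? TRANSIENT : CREATED;
    return o->is_deleted ? DELETED : MODIFIED;  /* existed at last export */
}

/* USNs are server specific: a saved baseline is valid only for the server it
   came from. Any other server gets baseline 0, which selects every object. */
unsigned long effective_baseline(const char *saved_server, const char *server,
                                 unsigned long saved_usn)
{
    return strcmp(saved_server, server) == 0 ? saved_usn : 0;
}

/* A tombstone was garbage-collected unseen if the last-object-removed USN
   exceeds the largest USN exported. */
int deletion_missed(unsigned long usn_last_obj_rem, unsigned long last_usn)
{
    return usn_last_obj_rem > last_usn;
}

int main(void)
{
    /* Constructed sample data; server name EXCH01 is a placeholder. */
    dir_object objs[] = { {"alice", 90, 40, 0}, {"bob", 120, 50, 0},
        {"carol", 130, 125, 0}, {"dave", 140, 60, 1}, {"erin", 150, 145, 1} };
    const char *label[] = { "unchanged", "created", "modified", "deleted",
                            "created+deleted" };
    unsigned long base = effective_baseline("EXCH01", "EXCH01", 100);
    for (size_t i = 0; i < sizeof objs / sizeof objs[0]; i++)
        printf("%-6s %s\n", objs[i].name, label[classify(&objs[i], base)]);
    printf("deletion missed: %d\n", deletion_missed(110, base));
    return 0;
}
```

An object classified as created and deleted since the last export never reached the foreign system, so no delete needs to be sent for it.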
The directory access functions create a formatted file that contains the information for all the exported objects. Alternatively, they can pass the objects one-by-one to a caller-specified routine, which in turn can write them to a file in whatever format has been chosen. An export file generated in this manner can then be sent to another system, or it can be written directly to the foreign system’s import agent.
Agents on remote Microsoft Exchange Server systems can also generate export lists in directory-import format. Many foreign systems can be programmed to generate such lists from their databases. These export files are then mailed to the local Microsoft Exchange Server system, received through a gateway, and then imported using directory access functions.