Partitions are only available when using LDAP as the DN-style. In all other cases, a single default partition is used.

Partitions and hierarchies represent the tree structure found in LDAP DN naming. A partition is the highest level in the structure. It commonly represents a replication scope or object scope. Partitions should be considered to be on the same level, with no dependency on each other.

What is a partition?

A partition is defined by its behaviors:

  • All import and export operations should be possible to complete by communicating with a single server and a single set of credentials.
  • When a full import is run, the remote server should be able to provide all attributes for all objects for the partition. If the server does not return an object, the sync engine can treat it as an implicitly deleted object (known as obsoletion).
  • When a delta import is run, the delta change log has in scope all objects provided by the full import.
  • The partition shares the same object/attribute schema with all other partitions in the connector.

A partition is not defined by:

  • The scope of reference attributes. Reference attributes can target any object in the connector space.

Some examples of partitions:

  • In Active Directory, each domain is a partition. When talking to a domain controller, it can only provide all attributes for the domain it hosts. There is a Global Catalog on each domain controller, but it does not have a complete copy of all attributes. The delta change log is stored per domain and one domain controller cannot provide delta import for another domain.
  • In the Generic SQL connector, each object type is a partition. When interacting with a SQL database, the expectation is that each object type is represented by a table.

The partitions show up in the connector on the Configure Partitions and Hierarchies page.

Partitions in the Generic SQL connector

The signature for the single method is as follows:

Function GetPartitions(configParameters) As Partition

The return value should be a structure of partitions. This structure should be self-explanatory. The only non-obvious property is HiddenByDefault. When set to true, it indicates that the administrator must select Show All to see this particular partition. Use it for partitions that you do not expect to be imported or exported in normal situations. For example, in the ADMA, the configuration namespace/partition is hidden by default. The configuration does not contain any identity data, so it is uncommon to include this particular namespace in an ADMA.

Partitions and DNs

Every partition is defined by its DN. The partitions can have names that imply a hierarchy. For example, in Active Directory you might have an empty forest root domain named and then multiple domains following the structure

When an object is provisioned into the connector space from the MV, the DN is used to determine which partition the object should be put in. When the partitions have names that are part of each other, an object is put in the partition that is deepest.

When running an import, all objects must match the DN of the partition that is currently running. The exception is reference attributes, which can reference objects in other partitions. These objects might not yet have been imported. In that case, a placeholder is created until the object has been imported.
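
The provisioning rule above (an object goes to the deepest partition whose DN it falls under) can be modelled as a whole-RDN suffix match. This is an added illustration, not the sync engine's or the connector framework's own code; the function names and the `example.com` partition DNs are constructed for the example, and DN parsing is simplified to handle backslash escapes only.

```python
# Added illustration: models the "deepest partition wins" rule.
# Not the sync engine's code; DN parsing is simplified (backslash escapes only).

def split_rdns(dn):
    """Split a DN into normalized RDNs, honouring backslash-escaped commas."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    # DN comparison is treated as case-insensitive here (an assumption).
    return [r.strip().lower() for r in rdns if r.strip()]


def in_partition(object_dn, partition_dn):
    """True when the partition DN is a whole-RDN suffix of the object DN."""
    obj, part = split_rdns(object_dn), split_rdns(partition_dn)
    return len(part) > 0 and len(obj) >= len(part) and obj[-len(part):] == part


def select_partition(object_dn, partition_dns):
    """Return the deepest partition containing the object, or None."""
    matches = [p for p in partition_dns if in_partition(object_dn, p)]
    return max(matches, key=lambda p: len(split_rdns(p)), default=None)


# Constructed sample partitions: a forest root and one child domain.
PARTITIONS = ["DC=example,DC=com", "DC=emea,DC=example,DC=com"]

if __name__ == "__main__":
    for dn in ("CN=Ann,OU=Users,DC=emea,DC=example,DC=com",
               "CN=Bob,OU=Users,DC=example,DC=com",
               "CN=Eve,DC=other,DC=org"):
        print(dn, "->", select_partition(dn, PARTITIONS))
```

Comparing whole RDNs rather than raw string suffixes keeps an escaped comma inside a CN from being read as a component boundary, and a DN that matches no partition returns `None` so the caller can reject it instead of placing it in a default partition.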