The following sections provide information to help you control which classes and attributes are synchronized between your Identity Vault and the connected LDAP directory. Not only can you choose which classes and attributes are synchronized, but you can also determine which direction they flow (Identity Vault to LDAP, LDAP to Identity Vault, or both).
IMPORTANT:When Active Directory Domain Services is used as a connected LDAP server and LDAP driver is used to synchronize user objects from Identity Vault to Active Directory Domain Services, you must set the dsHeuristics attribute to 000000001 for restricting the userPassword visibility in the LDAP search. For more information, see the Microsoft documentation.