When you set a profile field to use Active Directory, it tells IIS to grab the data from your LDAP domain controller instead of from the SQL server.
1. when you open a webpage that has AD information in it, IIS will reach out to the domain controller and request that information
2. The example below is pulling the "First Name" field from AD.
3. When IIS gets this information, it builds the webpage on the fly and displays it to the user.
4. There was no syncing while the webpage is being built. The SQL server is ignored if the data is set to come from AD.
5. No data from AD is written to the SQL server if you have chosen to use AD as the source. For example, if you choose to pull the "hire date" from AD, it will not be written to the SQL database.
6. If a Profile field is set to Default, it will pull the data from the SQL server. If SQL is the source, the AD information will be ignored.
Please see the attached Powerpoint to view how the flow of information works.
** Special note**
When a user first opens the portal, it will automatically create the users' profile in SQL. This will write the First Name, Last Name, and Email, to the SQL database based on their windows login.
Active Directory does not have the ability to change the information in the SQL database, nor can the SQL database change the information in the Active Directory.
The only time any kind of Syncing happens is if you have chosen to have the portal "delete users if you delete them in AD". In this situation, you can choose a sync time under Portal tools - Manage Portal Framework - Portal Framework. This is a delete flag, it does not write data, it will delete the account.