Using Directory Access Functions to Share Information

The export directory access functions can use the USN-Changed attribute to detect whether a directory object has changed since the last export, but they cannot determine which of the object’s attributes have changed. Although callers of directory access functions can specify which attributes to return by using the pAttributes parameter, an object is still exported when other, irrelevant attributes change.

For example, when a new address type is added to a Microsoft Exchange Server system, a proxy address is generated for every recipient in the Microsoft Exchange Server system. That causes every recipient to be marked as changed and new USN-Changed values to be generated, even though the changes may not be among the attributes that are exported.

The directory synchronization agent is responsible for determining whether a directory object has changed in a significant way, and therefore whether to keep the object in the export file. The DIRSYNC sample application uses the USN-Changed attribute to determine which objects to export. DIRSYNC does not decide whether the change is significant; it simply exports all changed objects.
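One way a synchronization agent could make the significance decision that DIRSYNC leaves out, shown as an added example (not DIRSYNC or Microsoft code): it skips objects at or below the last USN-Changed high-water mark, then keeps an object only if a digest of the synchronized attributes differs from the one last exported. The record layout, the DN key, and the attribute names other than USN-Changed are assumptions, and the sample records are constructed.

```python
import hashlib
import json

# Assumption: the attributes this agent synchronizes (names are illustrative).
SYNC_ATTRS = ("Display-Name", "Telephone-Office1")

def digest(obj, attrs=SYNC_ATTRS):
    """Hash only the synchronized attributes; JSON keeps value boundaries unambiguous."""
    values = [obj.get(name, "") for name in attrs]
    return hashlib.sha256(json.dumps(values).encode("utf-8")).hexdigest()

def select_significant(objects, state, last_usn):
    """Return (objects worth keeping, new high-water USN).

    state maps an object's DN to the digest last exported; it is updated in place.
    """
    keep, high = [], last_usn
    for obj in objects:
        usn = int(obj["USN-Changed"])
        if usn <= last_usn:
            continue                      # not changed since the last export
        high = max(high, usn)
        d = digest(obj)
        if state.get(obj["DN"]) != d:     # a synchronized attribute really changed
            state[obj["DN"]] = d
            keep.append(obj)
    return keep, high

# Constructed sample data: a first export, then an export after a new address
# type gave every recipient a new proxy address (all USN-Changed values bumped).
RUN1 = [
    {"DN": "/o=Example/cn=alice", "USN-Changed": "101", "Display-Name": "Alice",
     "Telephone-Office1": "555-0100", "Proxy-Addresses": "SMTP:alice@example.com"},
    {"DN": "/o=Example/cn=bob", "USN-Changed": "102", "Display-Name": "Bob",
     "Telephone-Office1": "555-0101", "Proxy-Addresses": "SMTP:bob@example.com"},
]
RUN2 = [
    dict(RUN1[0], **{"USN-Changed": "201",
                     "Proxy-Addresses": "SMTP:alice@example.com%X400:c=US;s=alice"}),
    dict(RUN1[1], **{"USN-Changed": "202", "Telephone-Office1": "555-0199",
                     "Proxy-Addresses": "SMTP:bob@example.com%X400:c=US;s=bob"}),
]

if __name__ == "__main__":
    state = {}
    kept, usn = select_significant(RUN1, state, 0)
    print(len(kept), usn)
    kept, usn = select_significant(RUN2, state, usn)
    print([o["DN"] for o in kept], usn)
```

The digest state and the high-water USN must be persisted together between runs; losing the state causes every object to be exported again on the next pass.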

One advantage of using the directory access functions for directory synchronization is that no mail connection between the synchronizing systems is required. The designer is free to select whatever communications method is most appropriate. For example, a service can be designed to run periodically and check for changes in a database of users. Alternatively, the database can be programmed to wake up the service when changes occur, and the service then reads and exports them. If a direct network connection exists between this service and the Microsoft Exchange Server directory that needs to be updated, no electronic messaging is necessary to send the changes to the directory. Instead, the service can directly call directory access functions to import changed data into the Microsoft Exchange Server directory.