Active Directory Synchronization with WSS and MOSS

In a Microsoft Office SharePoint Server 2007 deployment, a person defined in Windows SharePoint Services 3.0 and a person defined in Office SharePoint Server 2007 are the same. To deliver consistent objects across the deployment in both Windows SharePoint Services 3.0 and Office SharePoint Server 2007, both implement person synchronization.

Person synchronization is bidirectional. In the up direction, the Windows SharePoint Services site collection membership list is pulled into the Office SharePoint Server 2007 user profile database, so that Office SharePoint Server 2007 knows which users are members of which sites and can synchronize incrementally. In the down direction, the Office SharePoint Server 2007 user profile database sends down replicable user profile information for all members in the site collection.

Synchronization actions are either full or incremental. On first synchronization or restore, Office SharePoint Server 2007 may not have previous synchronization or site collection membership information, so a full synchronization takes place. If previous synchronization information is found, an incremental synchronization is performed instead.

If a user is removed from the Windows SharePoint Services site collection membership list, that user is no longer recognized as a member of the site collection, and Office SharePoint Server 2007 no longer synchronizes profile information for that user.

If a user leaves the environment (is no longer in the Office SharePoint Server 2007 user profile store or in Active Directory), that user remains in the Windows SharePoint Services membership list for that site collection until he or she is removed from the list. Office SharePoint Server 2007 flags the user and ceases to synchronize any information for that user. However, Office SharePoint Server 2007 does not alter the Windows SharePoint Services site collection membership list in response to a user who is no longer in the Office SharePoint Server 2007 user profile store.
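
Because departed users stay in the membership list until someone removes them, it is worth auditing the list against Active Directory. The script below is an added example, not part of the original article or any Microsoft tooling; it assumes PowerShell 2.0 or later running on a farm server joined to the audited domain, and the site URL and domain name are placeholders.

```powershell
# Added example: read-only audit of a site collection membership list for
# accounts that are missing from, or disabled in, Active Directory.
param(
    [string]$SiteUrl = "http://sharepoint.example.local/sites/team",  # placeholder URL
    [string]$Domain  = "EXAMPLE"                                      # placeholder NetBIOS domain
)

[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

# Escape characters that are special in LDAP search filters (backslash first).
function Escape-LdapValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

$site = New-Object Microsoft.SharePoint.SPSite($SiteUrl)
try {
    # Default searcher binds to the root of the current computer's domain.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    [void]$searcher.PropertiesToLoad.Add("userAccountControl")

    foreach ($user in $site.RootWeb.SiteUsers) {
        if ($user.IsDomainGroup) { continue }
        # Keep only DOMAIN\account logins for the audited domain;
        # this skips system accounts and forms-authentication entries.
        $parts = $user.LoginName.Split('\')
        if ($parts.Length -ne 2 -or $parts[0] -ne $Domain) { continue }

        $account = Escape-LdapValue $parts[1]
        $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$account))"
        $hit = $searcher.FindOne()

        $status = $null
        if ($null -eq $hit) { $status = "NotInAD" }
        # Bit 0x2 of userAccountControl marks a disabled account.
        elseif (([int]$hit.Properties["useraccountcontrol"][0]) -band 2) { $status = "DisabledInAD" }

        if ($status) {
            New-Object PSObject -Property @{
                LoginName = $user.LoginName; IsSiteAdmin = $user.IsSiteAdmin; Status = $status
            }
        }
    }
}
finally {
    $site.Dispose()
}
```

The script only reports; review the output before removing anyone from the membership list, since any permissions granted to a flagged entry remain on the site until the entry is deleted.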

stsadm -o sync sets the synchronization timing, deletes old synchronization information from the database, and lets you control the synchronization process.

There are also third-party tools. UserProfile Sync is available on CodePlex (http://userprofilesync.codeplex.com/releases/view/13227), and there are a couple of tools from Bamboo Solutions: User Profile to Active Directory Export for SharePoint sites syncs from SharePoint to AD. There are five sync types offered with User Profile Sync.

They are:
  • MOSS 2007 User Profile database to Active Directory.
  • Active Directory to a WSS 3.0 User Information List.
  • WSS 3.0 User Information List to a WSS 3.0 User Information List(s).
  • Active Directory to a Contacts List in WSS 3.0 or MOSS 2007.
  • A Contacts List in WSS 3.0 to a WSS 3.0 User Information List(s).

In short, WSS doesn't synchronize; it's a once-only copy when the user is added to a site. If you want synchronization, install MOSS and activate the user profiles feature on the site. In the user profile properties you can map to AD properties, and you can set whether each property is replicable ("if you want the property to display in the user info list for all sites").
I hope this helps your understanding of UserProfile Synchronization with WSS, MOSS, and AD.