This is probably because Microsoft uses the read-only flag to mean 'customised'.
Unfortunately it is not possible to remove the read-only flag from within explorer.
MS recommends using attrib on the folder. To remove the read-only and system attributes on folder 'c:\test' use

attrib -r -s c:\test

See Microsoft Knowledge Base articles
http://support.microsoft.com/kb/256614/ &
http://support.microsoft.com/kb/326549/

Groups in Active Directory have an ObjectCategory of group. Searching for (objectCategory=group) will find all groups from the given search base.

Each Group object contains an integer groupType attribute which holds a set of flags used by Active Directory to define the type of group. The groupType flags are as follows:

0x00000002 Account group.
0x00000004 Resource group.
0x00000008 Universal group.
0x00000010 Application basic group.
0x00000020 Application query group.
0x80000000 Security group.

Security groups have the flag 0x80000000 (which is 2147483648 in decimal) set.
Groups without this flag set are distribution groups.

Active Directory provides the bitwise AND and bitwise OR extensible match filters for examining integer flags. These are represented as 1.2.840.113556.1.4.803 and 1.2.840.113556.1.4.804 respectively.

The following LDAP filter will return security groups using the bitwise AND filter:

(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))

You must ensure that the Schemus configuration files are generated by the user which will invoke the schemusc tool.

This may be caused if the account from which Schemus was run does not have permissions to write to the working directory used by Schemus. Change the access permissions on the Schemus working directory and all subdirectories or Start Schemus from an account with sufficient access rights.

The Schemus working directory can be found in C:\Documents and Settings\All Users\Application Data\Schemus

Since the directory is distributed, entries in one location include referrals (also called continuation references) which, instead of returning a result, will return a URL from which to continue the search. This is often how sub-domains are searched - there is a referral in the top-level domain to a location from which to search for each sub-domain.

Active directory includes referrals which reference the domain rather than a specific host. The Microsoft DNS should resolve the domain name in these URLs to the domain controller. You will see 3 of these in Active Directory:

ldap://<domain>
ldap://ForestDnsZones.<domain>
ldap://DomainDnsZones.<domain>

where <domain> is your domain, (e.g. example-domain.com).

If you choose to ignore the referral then when the search encounters a referral, the referral URL is ignored. Schemus will not attempt to search the location indicated by the referral. This may cause entries to be missed since the referral may be referencing a directory location that contains data you need to upload.

There are a few ways to work around DNS issues such as this:

1. If you're using a mail synchronization and you are connecting to a Global Catalog (GC) you could connect to the GC port, 3268, instead of the LDAP port, 389. The search will be far quicker and won't follow referrals. You can also search from the root of the directory.

A Global Catalog search will only work if all the necessary data are replicated to the GC. For Address synchronizations, the required email addresses are usually available but for Group and User synchronizations, the full group membership information will not typically be available.

2. If you're not connecting to a GC, you could try moving the search base down a level or two so that the search doesn't encounter the referrals.

3. If you don't mind these always resolving to one host from the machine on which Schemus is running you could force the name resolution by adding some entries to the local hosts file:

<ip address of domain controller> <domain> ForestDnsZones.<domain> DomainDnsZones.<domain>

This is most likely to be caused by continuation references generated by the LDAP server for LDAP referrals to other parts of the directory. Referrals are often stored using the host name of the target LDAP server, which, in the case of a self-referral, can be the name of the original host to which the connection was made. If it is not necessary to follow the continuation references, this can be disabled from the Configuration Wizard. Select the 'Data Source', 'LDAP' page and click the 'Advanced' button. Change 'Continuation references' to ignore.
On Active directory servers, it may be possible to avoid continuation references by connecting to port 3268 on the server rather than port 389. If it is necessary to follow the continuation references, the problem must be resolved either in the LDAP server or on the Client host.
For Unknown Host errors, the problem is most likely to be a failed DNS lookup. Ensuring DNS is working correctly on the computer from which Schemus is run should resolve the issue. Alternatively, the hostnames and IP addresses of the referred servers could be added to the hosts file.
For Connection Refused errors, the problem is likely to be due to incorrect referral information or a failure in the LDAP service on the referred server. Ensure that all the referred LDAP servers are running and/or update the referral entries on the LDAP server.

Schemus is attempting to use the LDAP paging control for search results although the directory doesn't support paging.
Disable paging in Schemus.
Go to the 'Data Source' 'LDAP' page in the wizard
Click the 'Advanced' button.
On the Advanced page, change 'Paging type' from 'page' to 'none'.

Note LDAP searches will still work within a synchronization even without changing the Paging type since if the server reports that paging is unsupported Schemus will always retry without paging.

Apple supplies the Java Runtine Environment as part of Mac OS X. Schemus requires JRE 1.5 or later and this version of JRE is only available with Mac OS X 10.4 (Tiger) or later. If you are currently using an earlier version of Mac OS X then you will need to upgrade to 10.4 (Tiger) in order to be able to use Schemus. We recommend using the latest version of Mac OS X with all applicable updates applied.

The installer requires Windows XP Service Pack 2 or later.

This is most likely to be caused by a lack of physical memory in the machine and therefore not enough memory to start the application.
One work-around is to instruct Schemus to request less memory on startup. The most convenient way of doing this is to place parameter requesting a smaller amount of memory in a file within the folder containing Schemus.
You can download an example below (Schemus.exe.vmoptions), which requests 1024M of memory. This figure can be edited to request less, for example 512M if 1024M is still too much. Note that if you synchronise a large number of addresses, making this number too small could cause Schemus to run out of memory, which would cause synchronizations to fail. On a Windows system, assuming the application was installed to the default location, this file should be copied to C:\Program Files\Schemus where Schemus.exe should be located.
If you also need to adjust the amount of memory for the command-line Schemus, you should make another copy of this file and name it schemusc.vmoptions.
Alternatively, on a Windows system, you can invoke Schemus from a batch file (see schemustest.bat below) which controls the amount of memory used.

	Schemus.exe.vmoptions
	schemustest.bat

By modifying the LDAP search filter it is possible to prevent the upload of addresses from users or contacts in Active Directory for which 'Hide from Exchange address lists' is selected.

To accomplish this, a filter can be added which excludes objects with the attribute msExchHideFromAddressLists set to TRUE.

In the synchronization tool open the configuration and click on 'Modify'.

Click on 'LDAP Search' in the wizard dialog.

The Search filter should already be enclosed in parentheses. If not, append ( to the beginning and ) to the end. Do not include any spaces.

Insert

(&(!(msExchHideFromAddressLists=TRUE))

at the beginning of the existing search filter

and append

)

to the end. Do not include any spaces.

Click 'Save'.