On Tuesday August 2 2005 6:15 pm, David Boreham wrote: > >But I've checked and rechecked those. My bind DN is cn=Admin. That's the > >correct format, isn't it? > > > >- > > Indeed no. You want the DN for the Administrator user in AD. > Typically that would be something like 'cn=Administrator, ou=users, > dc=company, dc=com'. > However, I would recommend that you use ldapsearch to first establish > the correct DN > (search for all users in AD and go looking for the administrator user). David, I changed the DN as you suggested, and my sync worked (just as I imagine you expected it would). Thank you very much! If I may be so bold as to take advantage of your knowledge and kindness - when I created the Windows Sync Agreement, I specified the DS subtree as ou=People,dc=headquarters,dc=mydomain,dc=com, and the Windows subtree as cn=People,dc=headquarters,dc=mydomain,dc=com. When the sync completed, all Windows users and groups ended up in the FDS People subtree. How would I get Windows groups to populate the FDS gorups subtree, and only users to populate the People subtree? Dimitri
