Nicholas Byrne wrote:
> Is it possible to do a synchronisation of a windows peer without the
> windows user who I use to bind being a domain admin?

No. I'm not 100% sure but I believe you need to be a domain admin to use the dirsync control, which FDS uses to pull entries from AD. If that isn't the problem then I'm not sure what's going on.

You certainly need to bind as a domain admin to modify passwords in AD, but from your description of the problem you're not expecting that to work anyway, just the AD->FDS entry sync functionality. Note that because passwords are modified with a separate operation, outbound sync (sans passwords) should still work if the bind identity is not a domain admin (but has rights to modify the target entries).