FDS AD Sync

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



When you are replicating to AD, user accounts are fully synced upon creation.  If you create a new user in FDS, the account and password will be immediately synced to AD.  The issue is with accounts that already exist in AD (I am not sure about those that are in FDS) before a replication agreement is set up.  If you are just now setting up FSD and want accounts created in FDS to also be created in AD at the same time, then you should not have any trouble if you have set up replication correctly.

We use FDS for provisioning new accounts via a portal.  The account is created in FDS and it is replicated to AD.  The user can immediately log onto our network.  The PassSync part on AD makes sure that if their password is changed via the windows tools (Ctrl-Alt-Del -> change password, Computers and Users MMC -> reset password), it will also set the new password in FDS.  Our system goes both ways.  Accounts can be created in either directory, and they will be replicated (with passwords) to the other one.

Again, the issue is not with account creation, but with handling accounts that already exist before replication is set up.  AD will not allow passwords to be read, only to be compared, and that is the main problem.  I am not sure about FDS, and it may be possible to get the passwords out in order to reset them.  Importing an ldif file to change the passwords will work, providing the passwords are in plain text.  So if you can find a way to  export the passwords in plain text (with the uid or dn), you may be able to reset them all in both directories in one fell swoop.

Good luck (and be careful)

>From your mail, i understood that you are trying to sync passwords from AD
>to FDS. I am trying to sync accounts the other way round from FDS to AD.
>
>If pass sync doesn't full sync accounts between FDS and AD which i regard as
>a replica of FDS, when i create new user i have to create him on the AD and
>ask the user who's password is already saved on FDS to login and change his
>password which he just created!
>
>This is wasn't i hoped for  :( 
>
>regards,
>Abdelrahman

-- 
Daniel Shackelford
Systems Administrator
Technology Services
Spring Arbor University
517 750-6648

"For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many"
Mark 10:45




[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux