Glenn wrote:

>>All you need is to have entries that are 'syncable'. On the FDS side
>>this means special objectclass and attribute values. On the AD side it only
>>means having the entries in the container configured in the sync agreement.
>
>If I have entries in DS that do not exist in AD, and I "Initiate Full
>Re-synchronization", then these entries should be created in AD, correct?

Incorrect. As I said, they need very particular schema to be sync'ed (entries from AD to FDS will be sync'ed even if they only have basic AD schema though).

There is a bit of doc on this here: http://www.redhat.com/docs/manuals/dir-server/ag/7.1/sync.html#2859623

The easiest route might be for you to create a test user using the java console (make it an 'nt user') and then copy the object class and attributes from that.
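An added example, not part of the original message: a pre-flight check over an LDIF export that lists which FDS user entries lack the sync schema and so would not be created in AD by a full re-synchronization. The names `ntUser`, `ntUserDomainId` and `ntUserCreateNewAccount` are assumed from the Directory Server Windows Sync schema rather than taken from this post (confirm them against the linked documentation), and the sample entries are constructed.

```python
# Constructed sample export; DNs and values are illustrative only.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: ntUser
ntUserDomainId: alice
ntUserCreateNewAccount: true

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: ntuser
ntUserDomainId: carol
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            # LDAP attribute names are case-insensitive, so normalise them.
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs.pop("dn")[0]] = attrs
    return entries

def sync_gaps(attrs):
    """Return the reasons an entry would not be created on the AD side (assumed schema)."""
    gaps = []
    if "ntuser" not in [v.lower() for v in attrs.get("objectclass", [])]:
        gaps.append("missing objectClass ntUser")
    if not attrs.get("ntuserdomainid"):
        gaps.append("missing ntUserDomainId")
    if [v.lower() for v in attrs.get("ntusercreatenewaccount", [])] != ["true"]:
        gaps.append("ntUserCreateNewAccount is not true")
    return gaps

def report(ldif_text):
    return {dn: sync_gaps(attrs) for dn, attrs in parse_ldif(ldif_text).items()}

if __name__ == "__main__":
    for dn, gaps in report(SAMPLE_LDIF).items():
        print(dn, "->", "syncable" if not gaps else "; ".join(gaps))
```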