David - At least once a week on our 8,000-user systems, synchronization breaks. Usually it is because the Passsync service on the AD server stops running. Other times, Passync is running, but passwords do not sync. Sometimes passwords sync only one way. Sometimes password sync works when we change the user's password on the domain controller, but it does not work when we change the user's password on the user's Windows XP computer. Sometimes password sync breaks and other attributes continue to synchronize. Often while this is going on, new accounts are not replicated from one system to the other. An aggravating factor seems to be accounts that have attributes allowed in Fedora Directory but not allowed in Active Directory, such as duplicate names or user IDs. The remedy for these problems seems to be to stop and restart Passsync and do a full resync from the Fedora Directory Server console. Duplicate entries must be changed so they are acceptable to AD, and a resync is necessary to get them to replicate. Thanks for the suggestion on creating the resync script. -G. ---------- Original Message ----------- From: David Boreham <david_list at boreham.org> To: "General discussion list for the Fedora Directory server project." <fedora-directory-users at redhat.com> Sent: Wed, 02 Jul 2008 07:01:21 -0600 Subject: Re: Scheduled Resync with Windows Sync? > Glenn wrote: > > It is difficult to know when a full resynchronization is necessary for a > > given Windows Sync agreement. > Why do you want to perform a full sync ? Typically that would only > be done if a) the servers had been out of contact for a long time or > b) when bringing up a new server or c) if the software is broken. > > I would like to be able to start a full resync > > from a cron script. Is this possible, or is there any other way to schedule > > a full resync to run periodically without human intervention? > > > You can do this. The console initiates sync by writing to an LDAP > entry in the server's agreement tree. I'm not sure if this is > documented so you might need to snoop the traffic from a manual > operation and then write a script to generate the same result. > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users ------- End of Original Message -------