Hello list, According to the RHDS Administration Guide in the chapter on Windows Sync(page 531): "The membership of groups is synchronized with the constraint that only those members that are also within the scope of the agreement are propagated" (note that I did not read this before the test) I have tried the following: In AD I have: ou=LinuxUsers ou=LinuxGroups I have configured two separate synchronization agreements in RHDS, one that populate ou=People from ou=LinuxUsers in AD and one that populate ou=Groups from ou=LinuxGroups in AD. The synchronization works, and after it is complete I use ldapsearch on ou=Groups in RHDS and ou=LinuxGroups in AD and the member-attributes is indeed missing on the RHDS side. So, in order to keep group-membership I need to synchronize the parent ou of both users and groups. So something like ou=LinuxUsers,ou=Linux, dc=... and ou=LinuxGroups, ou=Linux, dc=... must be created in AD, and in the synchronization agreement I will sync ou=Linux and get both users and groups. The alternative is to synchronize with the current parrent of LinuxUsers and LinuxGruops. Is this correct? Do you know why this "limitation" exists? Thanks Erling
