Hi, I am testing what happens when you create a new user and sync it to AD. Using Fedora DS 1.1.3 and AD 2003 R2 SP2. If I use the console to create a new user and tick the Enable NT User Attributes, Create New NT Account etc the new user appears in AD but is disabled. Looking at the code it seems that send_accountcontrol_modify() gets the userAccountControl settings from AD adds 0x0200 (Normal Account) and sends it back. Looking at the traffic between Fedora DS and AD it appears that Fedora DS is getting ACCOUNTDISABLE in userAccountControl from AD. Should FedoraDS be unsetting ACCOUNTDISABLE or should AD not be setting it in the first place? If it is a problem with AD then can anyone point me to where I tell it to do the right thing? Thanks John
