Hugo Etievant wrote:
> hello,
>
> Jean-Noël Chardron wrote:
>> Hello,
>>
>> I have a network with two Windows 2000 servers. I suppose one is
>> master (or primary) and one is secondary - I don't know exactly the
>> vocabulary of Windows. The AD is "replicated" over the two Windows
>> servers.
>>
>> I installed synchronization between the FDS server and the AD on a
>> host (say Windows-1 server), with a replication agreement,
>> then I installed the password sync on the Windows-1 host.
>> All is OK when the password is changed on the Windows-1 server: the
>> password is synchronized to the FDS.
>>
>> Now when a user changes his password on a Windows XP station in the AD
>> (the operation is CTRL+ALT+DEL then change password) the password is
>> not necessarily synced to the FDS.
>> My hypothesis: it seems it depends on which Windows server the
>> password has been changed on. Sometimes the password is synced when, I
>> suppose, the Windows1 server answers the request to change the
>> password, but when the Windows2 server answers, then the password is
>> not synced.
>>
>> Is my hypothesis correct?
> Yes, it is correct.
> The password is captured in clear by the passsync service on the AD server
> which is used by the workstation for the password change operation.
> The master AD server gives the password to slave servers in no-clear mode and
> the crypted password cannot be captured by the passsync service.
>
>
>> Can I install the password sync program on the other Windows2 server
>> even if the replication agreement is between FDS and the Windows1 server?
>> What will the behavior be?
> No, you can't.
>
> In the AD-FDS synchronization architecture, only one synchronization
> is allowed.
> If you install two passsync services on two AD servers you risk
> creating problems in replication.
>
> cf: http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Windows_Sync.html
> "WARNING : There can only be a single sync agreement between the
> Directory Server environment and the Active Directory environment.
> Multiple sync agreements to the same Active Directory domain can
> create entry conflicts."
>
> This is the point of failure of the FDS/Windows sync architecture.
>

Thank you for your reply.

However, by looking in the documentation PDF I found this:

  9.2.4. Step 4: Install the Password Sync Service
  Password Sync can be installed on every domain controller in the
  Active Directory domain in order to synchronize Windows passwords.

I do not know how to interpret the above, so I installed a second
passSync.msi on the slave Windows2 server.

> regards
>

--
Jean-Noel Chardron
Délégation CNRS Aquitaine et Limousin
Service du Traitement de l'Information
Avenue des Arts et métiers BP 105
33402 TALENCE - FRANCE
tél : (33) 5.57.35.58.41
fax : (33) 5.57.35.58.01
MSN : jnc at dr15.cnrs.fr