Is the DIT object ntuniqueid constructed from the Windows user object uuid and domain sid to keep the uniqueness ? Sent from Zimbra and my HTC Desire ----- Reply message ----- From: "John A. Sullivan III" <jsullivan at opensourcedevel.com> Date: Tue, Jul 27, 2010 21:42 Subject: Synching with multiple Windows ADs To: <389-users at lists.fedoraproject.org> Hello, all. I know one can only have one sync agreement with an AD. However, is it possible to have a sync agreement with multiple ADs. We would like to synchronize the top of our tree with our main, multi-tenant AD and then synchronize lower levels of the domains with separate domains controlled by our clients. Thus, the same users and groups are synchronized to two different AD trees. As much as we dearly want this to work, I think it is asking for trouble as the GUID from AD is passed back to LDAP as part of the synchronization. Since these GUIDs will be different for the same user from different AD trees, is this a problem? I know that sounds a bit convoluted so let me give an example. I have a user Joe in LDAP. I synchronize him to MyAD so he is MyAD\Joe. I also synchronize him to TheirAD so he is also TheirAD\Joe. The GUID for MyAD \Joe is different from the GUID for TheirAD\Joe even though it is the same LDAP Joe. Is that a problem? Thanks - John -- 389 users mailing list 389-users at lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
