UxBoD wrote:
> Is the DIT object ntuniqueid constructed from the Windows user object uuid and domain sid to keep the uniqueness?
>
ntuniqueid == AD objectGUID
> Sent from Zimbra and my HTC Desire
>
> ----- Reply message -----
> From: "John A. Sullivan III" <jsullivan at opensourcedevel.com>
> Date: Tue, Jul 27, 2010 21:42
> Subject: Synching with multiple Windows ADs
> To: <389-users at lists.fedoraproject.org>
>
> Hello, all. I know one can only have one sync agreement with an AD.
> However, is it possible to have a sync agreement with multiple ADs? We
> would like to synchronize the top of our tree with our main,
> multi-tenant AD and then synchronize lower levels of the domains with
> separate domains controlled by our clients. Thus, the same users and
> groups are synchronized to two different AD trees.
>
> As much as we dearly want this to work, I think it is asking for trouble
> as the GUID from AD is passed back to LDAP as part of the
> synchronization. Since these GUIDs will be different for the same user
> from different AD trees, is this a problem?
>
> I know that sounds a bit convoluted so let me give an example. I have a
> user Joe in LDAP. I synchronize him to MyAD so he is MyAD\Joe. I also
> synchronize him to TheirAD so he is also TheirAD\Joe. The GUID for MyAD
> \Joe is different from the GUID for TheirAD\Joe even though it is the
> same LDAP Joe. Is that a problem? Thanks - John
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users