Re: AD replication agreement with 2 different servers/domains

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/24/2012 11:03 AM, Juan Asensio Sánchez wrote:

Hi Dan

Yes, I am trying to sync the same OU to two different servers/domains.
This is due to the users in our directory are splitted into several
organizations, and each organization is semi-self-managed. Some of
that organizations have replication agreements with their own AD
domain. Now we want from the "central organization" to replicate all
the users (from all the organizations) to a new AD domain which will
provide mail with Exchange, so each user's OU will have two Windows
replication agreements (one with the organization AD domain and other
with the new "central organization" AD domain with Exchange).

Anyone experienced with a topology like this?


Would https://fedorahosted.org/389/ticket/460 solve your problem?



NB: Don't ask why we don't use the existing AD domains, boss things...

Regards.


2012/10/24 Dan Lavu<dan@xxxxxxxx>:

Juan,

The winsync utility is not designed to write to the same ou in 389, can you
separate the sync agreements into two different OU's or databases? I'm
making the assumption that you are making the agreements to the same OU in
389. If you're not writing to the same OU, can you go into more detail about
the design?

Dan

________________________________
From: "Juan Asensio Sánchez"<okelet@xxxxxxxxx>
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Sent: Wednesday, October 24, 2012 7:09:41 AM
Subject:  AD replication agreement with 2 different
servers/domains


Hi

I am trying to configure the replication between 389DS an two
different servers and domains in Active Directory. The first
replication agreement works fine, and the second works fine too in the
initialization. But when I modify some user, the change is replicated
to the first server/domain, but not to the second ones. I think this
is due to the first agreement has created the objectGUID in AD, and
replicated to 389DS in the ntUniqueId attribute, but with the second
agreement, the second server domain has created a different objectGUID
but not replicated/overwrote the previous ntUniqueId created by the
first agreement (that then would break the first agreement). Is this
correct? Is there any way to solve/workaround this?

Regard and thanks in advance.
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux