Abdelrahman wrote:
There is some setting in the AD configuration which says to disable new users. It is on by default. You have to find it and tell it not to disable new users.Mr. Daniel,Luckly, i have the accounts previously on FDS therefore, i think i won't face the same problem you have. Yet, when i create a new user on FDS via Console its not fully sync to AD. only the username is sync but the accounts becomes automaticly disabled on the AD and the user have to reset his password!It might be a problem with my configuration but i don't know where.
regards, AbdelrahmanOn 3/31/06, *Daniel Shackelford* < dshackel@xxxxxxxxx <mailto:dshackel@xxxxxxxxx>> wrote:When you are replicating to AD, user accounts are fully synced upon creation. If you create a new user in FDS, the account and password will be immediately synced to AD. The issue is with accounts that already exist in AD (I am not sure about those that are in FDS) before a replication agreement is set up. If you are just now setting up FSD and want accounts created in FDS to also be created in AD at the same time, then you should not have any trouble if you have set up replication correctly. We use FDS for provisioning new accounts via a portal. The account is created in FDS and it is replicated to AD. The user can immediately log onto our network. The PassSync part on AD makes sure that if their password is changed via the windows tools (Ctrl-Alt-Del -> change password, Computers and Users MMC -> reset password), it will also set the new password in FDS. Our system goes both ways. Accounts can be created in either directory, and they will be replicated (with passwords) to the other one. Again, the issue is not with account creation, but with handling accounts that already exist before replication is set up. AD will not allow passwords to be read, only to be compared, and that is the main problem. I am not sure about FDS, and it may be possible to get the passwords out in order to reset them. Importing an ldif file to change the passwords will work, providing the passwords are in plain text. So if you can find a way to export the passwords in plain text (with the uid or dn), you may be able to reset them all in both directories in one fell swoop. Good luck (and be careful) >From your mail, i understood that you are trying to sync passwords from AD >to FDS. I am trying to sync accounts the other way round from FDS to AD. > >If pass sync doesn't full sync accounts between FDS and AD which i regard as >a replica of FDS, when i create new user i have to create him on the AD and >ask the user who's password is already saved on FDS to login and change his >password which he just created! > >This is wasn't i hoped for :( > >regards, >Abdelrahman -- Daniel Shackelford Systems Administrator Technology Services Spring Arbor University 517 750-6648 "For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many" Mark 10:45 -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx <mailto:Fedora-directory-users@xxxxxxxxxx> https://www.redhat.com/mailman/listinfo/fedora-directory-users ------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
