Is there any hope that a virtual view would be enough ? I have indeed a single ou for all the users in FDS.
Not without code changes, I don't think so. The code uses certain criteria to determine if a given entry 'belongs' in the target AD. It can support multiple AD domains (create multiple sync agreements). However the criteria are : correct object class, and correct subtree. Therefore your entries would match for both agreements and hence get sync'ed to both AD domains, which is not what you want. The 'fix' would be to store the domain name in the entry (possibly this is already done, I can't remember), and then add that to the criteria for syncing. -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
