One more entry is required -- objectclass: ntuser -Glenn. ---------- Original Message ----------- From: "Glenn" <glenn@xxxxxxxxxxxxxx> To: david_list@xxxxxxxxxxx, "General discussion list for the Fedora Directory server project." <fedora-directory-users@xxxxxxxxxx> Sent: Mon, 8 Jan 2007 14:32:07 -0600 Subject: Re: Windows Sync Errors > O.K., I think I have it now. It seems that the DS entry must have > an "ntUserDomainID" attribute before Windows Sync can write it to > the AD. Also, the "ntusercreatenewaccount" attribute must have a > value of true. These attributes and their values can be adjusted in > the console directory editor under each user's NT User page. > > Some attributes and their counterparts in Active Directory are > mentioned in the Windows Sync manual, but the requirements for > synchronization are not plainly enumerated. Such a list might make > a worthwhile addition to a future edition of the manual. > > Thanks for your kind responses! -Glenn. > > ---------- Original Message ----------- > From: David Boreham <david_list@xxxxxxxxxxx> > To: "General discussion list for the Fedora Directory server > project." <fedora-directory-users@xxxxxxxxxx> > Sent: Mon, 08 Jan 2007 10:46:26 -0700 Subject: Re: [Fedora-directory- > users] Windows Sync Errors > > > Glenn wrote: > > > > >>All you need is to have entries that are 'syncable'. On the FDS side > > >>this means > > >>special objectclass and attribute values. On the AD side it only > > >>means having the entries in the container configured in the sync > agreement. > > >> > > >> > > > > > >If I have entries in DS that do not exist in AD, and I "Initiate Full Re- > > >synchronization", then these entries should be created in AD, correct? > > > > > Incorrect. As I said, they need very particular schema to be sync'ed > > > > (entries from AD to FDS will be sync'ed even if they only have basic > > AD schema though). There is a bit of doc on this here : > > http://www.redhat.com/docs/manuals/dir- > > server/ag/7.1/sync.html#2859623 The easiest route might be for you > > to create a test user using the java console > > (make it an 'nt user') and then copy the object class and attributes > > from that. > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > ------- End of Original Message ------- > > -- > Fedora-directory-users mailing list > Fedora-directory-users@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-directory-users ------- End of Original Message ------- -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
