On Tue, 2009-09-08 at 16:08 -0700, Chandrasekar Kannan wrote: > On 09/08/2009 01:04 PM, Morris, Patrick wrote: > > On Tue, 08 Sep 2009, Doug Tucker wrote: > > > > > >> > >>>> OK! The logging was a tremendous help to at least seeing where the > >>>> failure is. When the password change is made on the PDC, passync DOES > >>>> catch it and replicate to 389. However, if the password change occurs > >>>> on the BDC, even though we see the change replicated to the PDC, passync > >>>> is NOT catching it and replicating to 389. Does anyone have any ideas? > >>>> > >>>> > >>> I believe The Password Sync Service must be installed on every Active > >>> Directory domain controller. > >>> > >> It appeared that way for no other reason than it wasn't working, but I > >> can't find anything in the documentation to indicate that, and someone > >> else that responded indicated he sees the change after the BDC > >> replicates it to the PDC. Was just hoping for some official word that > >> states that this must be done. > >> > > I'm not seeing anything in the docs either, > > which docs are you referring to ? Have a url ?. > http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Windows_Sync.html This is what I have been using for how to set this up. I cannot find any reference to the need to install passync on all of the controllers in the domain, it only references the primary. And according to our windows guy here, MS changed terminology, but there is definitely a primary and then the others are bdc's. I agreed that from just a thinking perspective it would have to be done, but then someone in this thread earlier indicated that changes made to his bdc were synced to 389 after it replicated to the pdc, which kinda left me in limbo that I may still have something wrong, and before I have the windows guy start installing it everywhere, I wanted to hear from someone truly "in the know" of what needed to be done. -- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users