We are still using Fedora Directory Server 1.0.4 and synchronizing with Active Directory. Our procedure for removing accounts includes a waiting period when the AD account is disabled. Disabling the AD account does not inactivate the corresponding FD account. The folks that do account maintenance do not have access to the FD java console, so rather than inactivating the FD account, they delete it using DSGW. Unfortunately, this also deletes the disabled AD account. Is there a way to make sync inactivate the FD account when the AD account is disabled? As an alternative, can we make account activation/inactivation available to our account people via DSGW? Some particulars would be appreciated. I know that setting the "ntuserdeleteaccount" attribute to "false" will prevent the AD account from being removed when the FD account is removed. But new accounts created in AD are duplicated by sync in FD with the attribute set to "true". If anyone could suggest a way to make this default to "false," that would be an improvement. Thanks. -G. -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
