[Fedora-directory-users] Windows Sync Errors

Glenn glenn at mail.txwes.edu
Mon Jan 8 22:31:36 UTC 2007 

One more entry is required -- objectclass: ntuser

-Glenn.

---------- Original Message -----------
From: "Glenn" <glenn at mail.txwes.edu>
To: david_list at boreham.org, "General discussion list for the Fedora Directory 
server project." <fedora-directory-users at redhat.com>
Sent: Mon, 8 Jan 2007 14:32:07 -0600
Subject: Re: [Fedora-directory-users] Windows Sync Errors

> O.K., I think I have it now.  It seems that the DS entry must have 
> an "ntUserDomainID" attribute before Windows Sync can write it to 
> the AD.  Also, the "ntusercreatenewaccount" attribute must have a 
> value of true.  These attributes and their values can be adjusted in 
> the console directory editor under each user's NT User page.
> 
> Some attributes and their counterparts in Active Directory are 
> mentioned in the Windows Sync manual, but the requirements for 
> synchronization are not plainly enumerated.  Such a list might make 
> a worthwhile addition to a future edition of the manual.
> 
> Thanks for your kind responses!   -Glenn.
> 
> ---------- Original Message -----------
> From: David Boreham <david_list at boreham.org>
> To: "General discussion list for the Fedora Directory server 
> project." <fedora-directory-users at redhat.com>
> Sent: Mon, 08 Jan 2007 10:46:26 -0700 Subject: Re: [Fedora-directory-
> users] Windows Sync Errors
> 
> > Glenn wrote:
> > 
> > >>All you need is to have entries that are 'syncable'. On the FDS side 
> > >>this means
> > >>special objectclass and attribute values. On the AD side it only 
> > >>means having the entries in the container configured in the sync 
> agreement.
> > >>    
> > >>
> > >
> > >If I have entries in DS that do not exist in AD, and I "Initiate Full Re-
> > >synchronization", then these entries should be created in AD, correct? 
> > >
> > Incorrect. As I said, they need very particular schema to be sync'ed
> > 
> > (entries from AD to FDS will be sync'ed even if they only have basic 
> > AD schema though). There is a bit of doc on this here : 
> > http://www.redhat.com/docs/manuals/dir-
> > server/ag/7.1/sync.html#2859623 The easiest route might be for you 
> > to create a test user using the java console
> > (make it an 'nt user') and then copy the object class and attributes 
> > from that.
> > 
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> ------- End of Original Message -------
> 
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
------- End of Original Message -------

More information about the Fedora-directory-users mailing list