Hi,
I have 2 questions.
1 - On this diagram : https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/h...
Password replication seems bi-directional...
But on my attemps...
from DS to AD, I can sync users but passwords are always blank.
Only if I change passwords on AD, they'll be replicated on DS.
2- If I delete an user on DS and lauch the replication... The user is not removed on AD.
So, is it possible to sync password from DS to AD ? And is it possible to delete users on DS with replica on AD ?
Thanks a lot
Best regards
Fabien
Hi Fabien,
the answer is "yes" to both of them. I would check if your sync user is member of Domain Admins group, or have equivalent rights. It seems your issue could be related to permissions.
You could find how to grant those permissions in Microsoft documentation, for instance, here:
https://technet.microsoft.com/en-us/library/hh296982.aspx
regards,
German.
----- Original Message -----
From: "Fabien Gasbayet" fgasbayet@lacompagniedesvacances.com To: 389-users@lists.fedoraproject.org Sent: Friday, August 28, 2015 12:46:22 PM Subject: [389-users] replica from DS to AD
Hi,
I have 2 questions.
1 - On this diagram :
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/h...
Password replication seems bi-directional…
But on my attemps…
from DS to AD, I can sync users but passwords are always blank.
Only if I change passwords on AD, they’ll be replicated on DS.
2- If I delete an user on DS and lauch the replication… The user is not removed on AD.
So, is it possible to sync password from DS to AD ?
And is it possible to delete users on DS with replica on AD ?
Thanks a lot
Best regards
Fabien
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 08/28/2015 04:46 AM, Fabien Gasbayet wrote:
Hi,
I have 2 questions.
1 - On this diagram :
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/h...
Password replication seems bi-directional…
But on my attemps…
from DS to AD, I can sync users but passwords are always blank.
Only if I change passwords on AD, they’ll be replicated on DS.
Correct. This is the way password sync works - you have to change the password in order to sync it, because this is the only time we have the clear text password. We cannot sync existing passwords which are already hashed/encrypted. We must have the clear text password which is only available when the password is changed.
2- If I delete an user on DS and lauch the replication… The user is not removed on AD.
So, is it possible to sync password from DS to AD ?
And is it possible to delete users on DS with replica on AD ?
Thanks a lot
Best regards
Fabien
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org