We are making some test in order to synchronize 389 Directory with an Active Directory. We don’t install pass sync because we need only to synchronize password from the 389 Directory instance. Everything works well, but when we analyze the user on Active Directory that were synchronized from the 389 Directory, we notice that the AccountUserControl value was 544, that’s mean NORMAL ACCOUNT + PASSWD_NOTREQD. Due to security reason it is not acceptable for us, at least it must be 514 (only NORMAL_ACCOUNT).
We search a way to modify this behavior, but we cannot find anything. Is there any way to force this value for new user synchronize to the Active Directory ?
OS : CentOS 6.5
389 Directory version : 389-Directory/220.127.116.11 B2013.357.177
Active Directory on Windows 2008R2
-- 389 users mailing list firstname.lastname@example.org https://admin.fedoraproject.org/mailman/listinfo/389-users