Hi,
I've got 389-ds configured and I'm busy setting up my sync agreement with my Windows AD server.
My AD has nested OUs e.g. -DivisionOU1 --BranchOU ---Department1OU ---Department2OU --Branch2OU ---Department1OU ---Department2OU
All my users and groups sit in the Department OUs and if I setup my agreement to sync on the Department OU it syncs the users in OU.
If I however point it higher up in the hierarchy it doesn't go down the levels and sync the OUs below it.
Do I need to setup a separate agreement for each OU? Or is there a way I can sync the whole DivisionOU recursively?
I tried searching on the internet for the answer, but all I come across are other people asking the same question and receiving no answer.
Chris Visser Linux/Network Infrastructure
================== Please read our Email Disclaimer : http://www.rtt.co.za/disclaimer.html
On 07/09/2012 07:48 AM, Chris Visser wrote:
Hi,
I've got 389-ds configured and I'm busy setting up my sync agreement with my Windows AD server.
My AD has nested OUs e.g. -DivisionOU1 --BranchOU ---Department1OU ---Department2OU --Branch2OU ---Department1OU ---Department2OU
All my users and groups sit in the Department OUs and if I setup my agreement to sync on the Department OU it syncs the users in OU.
If I however point it higher up in the hierarchy it doesn't go down the levels and sync the OUs below it.
Do I need to setup a separate agreement for each OU? Or is there a way I can sync the whole DivisionOU recursively?
I tried searching on the internet for the answer, but all I come across are other people asking the same question and receiving no answer.
It should just work to sync at the Division level. Note that winsync will _not_ create the intermediate OU entries on the 389 side - they must already exist. What errors are you getting in your errors log?
Chris Visser Linux/Network Infrastructure
================== Please read our Email Disclaimer : http://www.rtt.co.za/disclaimer.html
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
You must have all the OU's already created on the 389 side, then the sync agreement will populate them recursively.
Matthew Schmitt
Sent from my iPad
On Jul 9, 2012, at 6:49 AM, "Chris Visser" chris.visser@rtt.co.za wrote:
Hi,
I've got 389-ds configured and I'm busy setting up my sync agreement with my Windows AD server.
My AD has nested OUs e.g. -DivisionOU1 --BranchOU ---Department1OU ---Department2OU --Branch2OU ---Department1OU ---Department2OU
All my users and groups sit in the Department OUs and if I setup my agreement to sync on the Department OU it syncs the users in OU.
If I however point it higher up in the hierarchy it doesn't go down the levels and sync the OUs below it.
Do I need to setup a separate agreement for each OU? Or is there a way I can sync the whole DivisionOU recursively?
I tried searching on the internet for the answer, but all I come across are other people asking the same question and receiving no answer.
Chris Visser Linux/Network Infrastructure
================== Please read our Email Disclaimer : http://www.rtt.co.za/disclaimer.html
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org
-
Chris Visser -
Matthew Schmitt -
Rich Megginson