<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.3.2">
</HEAD>
<BODY>
於 三,2005-10-26 於 08:44 -0600,David Boreham 提到:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">Rich Megginson wrote:</FONT>
<FONT COLOR="#000000">> I think it's ok. Administrator is a "pseudo" user - it's only used </FONT>
<FONT COLOR="#000000">> for Windows domain administration. I don't think it follows the </FONT>
<FONT COLOR="#000000">> schema for a user. Does the Administrator entry have a full name or a </FONT>
<FONT COLOR="#000000">> surname? There are other pseudo users that fall into this category, </FONT>
<FONT COLOR="#000000">> such as the kerberos kdc user. You could probably fill in the missing </FONT>
<FONT COLOR="#000000">> attributes and make it sync over, but it doesn't really matter unless </FONT>
<FONT COLOR="#000000">> you want to use the Administrator entry on unix.</FONT>
<FONT COLOR="#000000">True (in fact, the special users in AD are not supposed to get sync'ed </FONT>
<FONT COLOR="#000000">at all),</FONT>
<FONT COLOR="#000000">but I'm puzzled about the group member being sync'ed. By design, only</FONT>
<FONT COLOR="#000000">group members that are also already present in the peer directory should</FONT>
<FONT COLOR="#000000">be sync'ed. Therefore, if things are working to plan, the Administrator user</FONT>
<FONT COLOR="#000000">should not be sync'ed, and neither should any group member that has its</FONT>
<FONT COLOR="#000000">DN.</FONT>
</PRE>
</BLOCKQUOTE>
Thanks for all of these answers. But I still have a problem with it. I try to add some users in <BR>
my AD and fill their property values, such as full name, surname. Then I invoke sync process<BR>
again and check my directory tree in my FDS. It still have no user sync from AD. What's wrong<BR>
with it? Do I miss something important?<BR>
<BR>
Regards<BR>
Joe
</BODY>
</HTML>