<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>ok guess I got it</div>
<div>configured the sync agreement on the root suffix </div>
<div>(389) dc=domain,dc=com <==> (AD) cd=domain,dc=com </div>
<div>this seems to do the trick as long as the OU structure matches </div>
<div>
<div name="quote" style="margin:10px 5px 5px 10px; padding: 10px 0 10px 10px; border-left:2px solid #C3D9E5; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin:0 0 10px 0;"><b>Gesendet:</b> Sonntag, 25. Mai 2014 um 23:22 Uhr<br/>
<b>Von:</b> "Christian Zimmermann" <chris612@gmx.de><br/>
<b>An:</b> 389-users@lists.fedoraproject.org<br/>
<b>Betreff:</b> Re: [389-users] winsync - group membership and different ou's</div>
<div name="quoted-content">
<div style="font-family: Verdana;font-size: 12.0px;">
<div>users in the ad are most of the time organized in ou's because of gpo's that should applie to that user</div>
<div>so "distributed" users are common. </div>
<div>do I really have to keep the groups manually in sync? </div>
<div> </div>
<div>cheers</div>
<div>christian</div>
<div>
<div style="margin: 10.0px 5.0px 5.0px 10.0px;padding: 10.0px 0 10.0px 10.0px;border-left: 2.0px solid rgb(195,217,229);">
<div style="margin: 0 0 10.0px 0;"><b>Gesendet:</b> Sonntag, 25. Mai 2014 um 22:52 Uhr<br/>
<b>Von:</b> "DuWayne Holsbeck" <drh@niptron.com><br/>
<b>An:</b> "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>, "Christian Zimmermann" <chris612@gmx.de><br/>
<b>Betreff:</b> Re: [389-users] winsync - group membership and different ou's</div>
<div>that's what I found, I synced the DS to the AD root suffix and everything seems to work fine. As long as AD and DS users and groups use the same OU structure. Users and Groups on DS and AD are in the same OUs. Your milage may very.<br/>
<div class="gmail_quote">On May 25, 2014 3:08:42 PM CDT, Christian Zimmermann <chris612@gmx.de> wrote:
<blockquote class="gmail_quote" style="margin: 0.0pt 0.0pt 0.0pt 0.8ex;border-left: 1.0px solid rgb(204,204,204);padding-left: 1.0ex;">
<div style="font-family: Verdana;font-size: 12.0px;">
<div>HI everybody,</div>
<div> </div>
<div>I'm using 389 with our AD (2k8) to sync users and groups.</div>
<div>Basically everything works, except the group membership of users that are not</div>
<div>in the same OU as the group.</div>
<div>Memberships of users that are in test_ou01 will not getting synced if the group is in test_ou02.</div>
<div>The Membership gets synced if the user and the group he belongs to are in the same ou.</div>
<div> </div>
<div>Is this a limitation of the winsync agreement or am I missing something? </div>
<div> </div>
<div>cheers</div>
<div>christian </div>
<div> </div>
</div>
<p style="margin-top: 2.5em;margin-bottom: 1.0em;border-bottom: 1.0px solid rgb(0,0,0);"> </p>
<pre class="k9mail">--
389 users mailing list
389-users@lists.fedoraproject.org
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
</div>
<br/>
--<br/>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</div>
</div>
</div>
</div>
-- 389 users mailing list 389-users@lists.fedoraproject.org <a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></div>
</div>
</div></div></body></html>