Rich Megginson wrote:
>Yes. There are two different connections. The main connection is
from
>FDS to AD - FDS does an LDAP BIND to AD to issue a sync request. When
>you configure the windows sync agreement on FDS (usually using the
>console), you have to specify the DN of the user on AD that has
>administrative rights over the AD subtree (e.g.
>cn=Administrator,cn=Users,dc=Domain,dc=TLD). So you will have to do
>some work to create that user on AD, grant that user the appropriate
>rights over the AD subtree, and figure out what the DN of that user is.
>
>
The domain's 'Administrator' user is an easy option if you are
allowed
to know its password.