Darren:<br><br>I wrote a Perl script using the Net::LDAP module and Kartik Subbrao&#39;s ldifdiff.pl (in Net::LDAP contrib section on <a href="http://search.cpan.org">search.cpan.org</a>)&nbsp; to go the other way, updating AD from LDAP (in our case the FDS-related Sun Directory).&nbsp; The basic process I&nbsp; followed was to dump the contents of each directory to LDIF (after all, AD is &quot;just another LDAP directory&quot;, ;-), transform the dns so that the source looks like the target (we get the dn by doing a search against the target on a attribute value common to both, in our case, AD CN = LDAP UID), then diffing the transformed files, and using the resulting diff to make my changes to the target. The current version is heavily customized for my company&#39;s environment so the code would probably be pretty useless to you, but if a barely competent Perl programmer like me could come up with something like this I&#39;d guess that someone who *really* knew what they were doing could come up with something much better.
<br><br>There are also commercial products out there like Microsoft or Sun&#39;s metadirectory, and HP&#39;s LDAP Directory Synchronizer (LDSU) (see <a href="http://h20219.www2.hp.com/services/cache/11215-0-0-0-121.html">
http://h20219.www2.hp.com/services/cache/11215-0-0-0-121.html</a>). All of these are quite costly. The Sun product is freely downloadable but it is very complex and I&#39;d wouldn&#39;t recommend exploring it without professional services assistance. You should also look at Sun&#39;s latest Directory Resource Kit, 
<a href="http://developers.sun.com/prodtech/dirserver/reference/techart/DSRK_52.html">http://developers.sun.com/prodtech/dirserver/reference/techart/DSRK_52.html</a>, which provides a number of tools that can be used together to synchronize disparate directories. The doc is a worthwhile read for getting you thinking about how you&#39;d go about it in your environment.
<br clear="all"><br>-- <br>Phil Lembo<br><br>