Hi All.
I’m exploring the use of IPA in a synchronisation (rather than trust) arrangement with AD, as this fits a particular use-case we have here quite well.
Our AD is very large, so a large number of users are synchronised into IPA and they come across by default as ‘Disabled’. This is fine - an administrator can easily enable those who need access.
However, the users all show up as ‘Active users’, rather than ‘Stage users’. But it would be much better if they were ‘Stage users’ to start with, and needed to be explicitly activated before moving into ‘Active users’.
It seems that IPA doesn’t work this way in a synchronisation agreement? Is there any way to configure the system so that it does?
Regards,
Robert.