[389-users] 389 <=> AD group sync
Matti Alho
listat at alho.fi
Fri Nov 30 08:30:03 UTC 2012
>> I'm testing group sync between 389ds and Microsoft AD. It works
>> otherwise, but incremental updates are not working. Any changes to
>> groups on 389 side do not get synced to AD unless I do a full manual
>> update triggered via console. Syncing users works normally. Would
>> someone have an idea why?
>
> Can you be more specific? Can you provide your winsync config and an
> example of what you are trying to do?
Ah sorry, here is an example of a group I'm trying to sync:
dn: cn=wingrouptemp,ou=People,dc=domain,dc=com
ntUniqueId: 9da16bd7236fb04285c419aefb9cb2a5
ntGroupCreateNewGroup: on
objectClass: top
objectClass: groupofuniquenames
objectClass: ntgroup
uniqueMember: uid=test1,ou=People,dc=domain,dc=com
uniqueMember: uid=test2,ou=People,dc=domain,dc=com
ntUserDomainId: wingrouptemp
cn: wingrouptemp
Sync agreement is set for ou=People,dc=domain,dc=com and has "New
Windows User Sync" and "New Windows Group Sync".
-Matti
More information about the 389-users
mailing list