[389-users] AD replication agreement with 2 different servers/domains

Juan Asensio Sánchez okelet at gmail.com
Wed Oct 24 17:03:55 UTC 2012


Hi Dan

Yes, I am trying to sync the same OU to two different servers/domains.
This is because the users in our directory are split into several
organizations, and each organization is semi-self-managed. Some of
those organizations have replication agreements with their own AD
domain. Now we want, from the "central organization", to replicate all
the users (from all the organizations) to a new AD domain which will
provide mail with Exchange, so each user's OU will have two Windows
replication agreements (one with the organization AD domain and another
with the new "central organization" AD domain with Exchange).

Anyone experienced with a topology like this?

NB: Don't ask why we don't use the existing AD domains, boss things...

Regards.


2012/10/24 Dan Lavu <dan at lavu.net>:
> Juan,
>
> The winsync utility is not designed to write to the same OU in 389. Can you
> separate the sync agreements into two different OUs or databases? I'm
> making the assumption that you are making the agreements to the same OU in
> 389. If you're not writing to the same OU, can you go into more detail about
> the design?
>
> Dan
>
> ________________________________
> From: "Juan Asensio Sánchez" <okelet at gmail.com>
> To: 389-users at lists.fedoraproject.org
> Sent: Wednesday, October 24, 2012 7:09:41 AM
> Subject: [389-users] AD replication agreement with 2 different
> servers/domains
>
>
> Hi
>
> I am trying to configure the replication between 389DS and two
> different servers and domains in Active Directory. The first
> replication agreement works fine, and the second works fine too in the
> initialization. But when I modify some user, the change is replicated
> to the first server/domain, but not to the second one. I think this
> is because the first agreement has created the objectGUID in AD, and
> replicated it to 389DS in the ntUniqueId attribute, but with the second
> agreement, the second server domain has created a different objectGUID
> but not replicated/overwritten the previous ntUniqueId created by the
> first agreement (that then would break the first agreement). Is this
> correct? Is there any way to solve/workaround this?
>
> Regards and thanks in advance.
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users


