[389-users] AD replication agreement with 2 different servers/domains

Rich Megginson rmeggins at redhat.com
Wed Oct 24 17:15:13 UTC 2012


On 10/24/2012 11:03 AM, Juan Asensio Sánchez wrote:
> Hi Dan
>
> Yes, I am trying to sync the same OU to two different servers/domains.
> This is because the users in our directory are split into several
> organizations, and each organization is semi-self-managed. Some of
> those organizations have replication agreements with their own AD
> domain. Now we want from the "central organization" to replicate all
> the users (from all the organizations) to a new AD domain which will
> provide mail with Exchange, so each user's OU will have two Windows
> replication agreements (one with the organization AD domain and the other
> with the new "central organization" AD domain with Exchange).
>
> Anyone experienced with a topology like this?

Would https://fedorahosted.org/389/ticket/460 solve your problem?

>
> NB: Don't ask why we don't use the existing AD domains, boss things...
>
> Regards.
>
>
> 2012/10/24 Dan Lavu <dan at lavu.net>:
>> Juan,
>>
>> The winsync utility is not designed to write to the same OU in 389, can you
>> separate the sync agreements into two different OUs or databases? I'm
>> making the assumption that you are making the agreements to the same OU in
>> 389. If you're not writing to the same OU, can you go into more detail about
>> the design?
>>
>> Dan
>>
>> ________________________________
>> From: "Juan Asensio Sánchez" <okelet at gmail.com>
>> To: 389-users at lists.fedoraproject.org
>> Sent: Wednesday, October 24, 2012 7:09:41 AM
>> Subject: [389-users] AD replication agreement with 2 different
>> servers/domains
>>
>>
>> Hi
>>
>> I am trying to configure the replication between 389DS and two
>> different servers and domains in Active Directory. The first
>> replication agreement works fine, and the second works fine too in the
>> initialization. But when I modify some user, the change is replicated
>> to the first server/domain, but not to the second one. I think this
>> is because the first agreement has created the objectGUID in AD, and
>> replicated to 389DS in the ntUniqueId attribute, but with the second
>> agreement, the second server domain has created a different objectGUID
>> but not replicated/overwritten the previous ntUniqueId created by the
>> first agreement (that then would break the first agreement). Is this
>> correct? Is there any way to solve/workaround this?
>>
>> Regards and thanks in advance.
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
