[Fedora-directory-users] Windows Sync without Domain Admin?
David Boreham
david_list at boreham.org
Fri Dec 1 18:05:32 UTC 2006
Nicholas Byrne wrote:
> Is it possible to do a syncronisation of a windows peer without the
> windows user who i use to bind being a domain admin?
No. I'm not 100% sure but I believe you need to be a domain admin to
use the dirsync control, which FDS uses to pull entries from AD.
If that isn't the problem then I'm not sure what's going on.
You certainly need to bind as a domain admin to modify passwords
in AD, but from your desciption of the problem you're not expecting
that to work anyway, just the AD->FDS entry sync functionality.
Note that because passwords are modified with a separate
operation, outbound sync (sans passwords) should still work
if the bind identity is not a domain admin (but has rights to
modify the target entries).
More information about the Fedora-directory-users
mailing list