[Freeipa-users] WinSync: The correct method for unbinding some users from synchronization
cac2s
cac2s.spam at gmail.com
Fri Apr 29 11:31:40 UTC 2016
Hello ALL.
In our organization it became necessary to:
- replicate all user accounts from AD to FreeIPA preserving user
passwords (the passwords will appear in FreeIPA when changing these in
AD using WinSync)
- unbind the part of the migrated accounts from synchronization
- remove unbindedusers from the AD(they should remainwith password on
the FreeIPA side)
- the remaining accounts (onthe AD side) should continue to be
synchronized/replicated (add/change/delete on the AD side)
In some circumstances that do not depend on me, the use of a trust does
not approach us...
The question is whether the rightfollowing method to unbind part of the
user accounts from the Syncby removing:
- objectClass: ntUser
- ntUniqueId: *
- ntUserAcctExpires: *
- ntUserCodePage: *
- ntUserDeleteAccount: *
or perhaps there is a more correct method?
Thanks.
p.s.: sorry for my English
More information about the Freeipa-users
mailing list