Anne Cross wrote:
Our AD admins want to move users from our ou=Users tree to a new tree called
ou=Departed, after we've locked the accounts, so that we know when a user has
left the company and we've completed the cleanup process. We've discovered
through trial and error that when they do this on the AD server, it doesn't
actually move the user out of the ou=Users tree on the 389 server. The
accounts stay synced - passwords transmit and so forth - but the state of
affairs is somewhat confusing.
If I delete the user and then recreate them in the correct tree on my side, the
AD server blows the user away and we lose all history - old passwords, AD
preferences, etc., which is annoying when the person in question is an intern
who might come back.
Anyone have any suggestions on a workaround for this state of affairs? It doesn't look
like a *bug* to me so much as a complete difference of opinion on how a user
"move" should be accomplished between 389 and AD 2008.

389 does not (yet) support the atomic move operation. AD does. That's
the problem.

-- juniper
--
389 users mailing list
389-us...@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users