I've established a windows sync agreement on my IPA master server using:

ipa-replica-manage add --winsync --win-subtree='cn=users,dc=mcnc,dc=org'
--binddn cn=someusergoeshere,cn=users,dc=mcnc,dc=org --bindpw
nottherealpassword --cacert /root/my.cert --passsync=someotherpass
myadserver.mcnc.org -v

Everything seems fine so far, but I have a few questions about the setup.

1) it appear that users on the AD side that did not exist already on IPA
get created upon the initial full sync.  Is there anyway to turn off
this behavior?

2) Also, new users that are created in AD are created in IPA. Can this
behavior be turned off (I think this is the same setting as #1).

3) Will new users that are created in IPA be created in AD?

4) When a user previously created in AD be automatically deleted from
IPA when the user is deleted from AD?

5) Will the user be deleted from AD if the users entry is deleted in IPA?

6) what does ntUserDeleteAccount: true   do?


"All tyranny needs to gain a foothold is for people of
good conscience to remain silent."  --Thomas Jefferson

Freeipa-users mailing list

Reply via email to