James Roman wrote:
Just for posterity. The issue ended up being that the AD and FreeIPA were out of sync. One of the sub-containers in the Active Directory containing disabled accounts was moved outside of the scope of the sync agreement. We never ran a replica init, so a number of scheduled syncs were pending.
Glad you figured it out. Thanks for closing the loop :-) cheers rob _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
