8><---- Things you can't easily do are things like "Create a desktop user". You can't easily do this because the group membership is assigned later.
8><---- yep, tahst OK I think......Users will be created by our useradmins initially, in AD and then IPA if there is a need for a UID/linux login. Later after I have a one way passsync working I will do a one way winsync agreement such that when the useradmin crates the user in the provisioning system which in turn injects it inot AD that is automatically transmitted to IPA. At that point I would want the desktop admin or useradmin to assign that user to group(s). At least this is how I think we will be working, hopefully that makes sense. regards _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users