Thank you very much for that. Works like a charm. How does this work though? You setup the winsync agreement between your IPA Server and AD server using the hostname. How does IPA know that it can trust a second DC?
Matt From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal Sent: Friday, April 05, 2013 11:56 AM To: firstname.lastname@example.org Subject: EXTERNAL: Re: [Freeipa-users] Active Directory --> IPA Password Sync On 04/05/2013 10:52 AM, Joseph, Matthew (EXP) wrote: Hello, I imagine this is a common issue/question when trying to implement the password sync between AD and IPA. We have two Windows 2003 domain controllers (for redundancy) so when a user issues a password change on the Windows side there is no primary domain controller that it will always use for password changes. So right now IPA is only getting 50% of the Password changes that are done through Windows due to password changes going through both domain controllers. Looking through the documentation IPA will only allow a password sync agreement between 1 AD and 1 IPA server. Is there a solution for this issue? How are people getting around this? One winsync agreement but passsync should be installed on both DCs. Thanks, Matt _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com<mailto:Freeipafirstname.lastname@example.org> https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/>
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users