>>I have already:
>>- created an IPA group called ad_users.
>>- created an IPA group called ad_users_external.
> Did you create this group with --external?

Doh! Nope, somehow I missed that. I've done that and that part is working now.

But the other part of the question remains, i.e. I'm still seeing all of our AD users (that have UNIX attributes enabled) instead of just the ones in the AD group that I've added.

David Guertin