Hello ALL.

In our organization it became necessary to:

- replicate all user accounts from AD to FreeIPA preserving user passwords (the passwords will appear in FreeIPA when changing these in AD using WinSync)
- unbind the part of the migrated accounts from synchronization
- remove unbindedusers from the AD(they should remainwith password on the FreeIPA side) - the remaining accounts (onthe AD side) should continue to be synchronized/replicated (add/change/delete on the AD side)

In some circumstances that do not depend on me, the use of a trust does not approach us...

The question is whether the rightfollowing method to unbind part of the user accounts from the Syncby removing:

- objectClass: ntUser
- ntUniqueId: *
- ntUserAcctExpires: *
- ntUserCodePage: *
- ntUserDeleteAccount: *

or perhaps there is a more correct method?


p.s.: sorry for my English

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to