Hello ALL.
In our organization it became necessary to:
- replicate all user accounts from AD to FreeIPA preserving user
passwords (the passwords will appear in FreeIPA when changing these in
AD using WinSync)
- unbind the part of the migrated accounts from synchronization
- remove unbindedusers from the AD(they should remainwith password on
the FreeIPA side)
- the remaining accounts (onthe AD side) should continue to be
synchronized/replicated (add/change/delete on the AD side)
In some circumstances that do not depend on me, the use of a trust does
not approach us...
The question is whether the rightfollowing method to unbind part of the
user accounts from the Syncby removing:
- objectClass: ntUser
- ntUniqueId: *
- ntUserAcctExpires: *
- ntUserCodePage: *
- ntUserDeleteAccount: *
or perhaps there is a more correct method?
Thanks.
p.s.: sorry for my English
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project