When you are replicating to AD, user accounts are fully synced upon creation. If you
create a new user in FDS, the account and password will be immediately synced to AD. The
issue is with accounts that already exist in AD (I am not sure about those that are in
FDS) before a replication agreement is set up. If you are just now setting up FDS and
want accounts created in FDS to also be created in AD at the same time, then you should
not have any trouble if you have set up replication correctly.
We use FDS for provisioning new accounts via a portal. The account is created in FDS and
it is replicated to AD. The user can immediately log onto our network. The PassSync part
on AD makes sure that if their password is changed via the Windows tools (Ctrl-Alt-Del
-> change password, Computers and Users MMC -> reset password), it will also set the
new password in FDS. Our system goes both ways. Accounts can be created in either
directory, and they will be replicated (with passwords) to the other one.
Again, the issue is not with account creation, but with handling accounts that already
exist before replication is set up. AD will not allow passwords to be read, only to be
compared, and that is the main problem. I am not sure about FDS, and it may be possible
to get the passwords out in order to reset them. Importing an ldif file to change the
passwords will work, providing the passwords are in plain text. So if you can find a way
to export the passwords in plain text (with the uid or dn), you may be able to reset them
all in both directories in one fell swoop.
Good luck (and be careful)
From your mail, I understood that you are trying to sync passwords from AD
to FDS. I am trying to sync accounts the other way round, from FDS to AD.
If pass sync doesn't fully sync accounts between FDS and AD, which I regard as
a replica of FDS, when I create a new user I have to create him on the AD and
ask the user whose password is already saved on FDS to log in and change his
password which he just created!
This wasn't what I hoped for :(
regards,
Abdelrahman
--
Daniel Shackelford
Systems Administrator
Technology Services
Spring Arbor University
517 750-6648
"For even the Son of Man did not come to be served, but to serve, and to give His
life a ransom for many"
Mark 10:45
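
The LDIF password reset mentioned in the first message above, as an added example that is not part of the original thread: it builds one modify record per account for each directory from (dn, plain-text password) pairs. The DNs and passwords are constructed samples; it assumes FDS takes the clear-text value in userPassword and hashes it on write, and that AD takes the quoted password as UTF-16LE in unicodePwd.

```python
import base64

def ldif_attr(name, value):
    """Format one LDIF line; base64-encode values RFC 2849 treats as unsafe."""
    raw = value.encode("utf-8") if isinstance(value, str) else value
    safe = (
        all(b < 128 and b not in (0, 10, 13) for b in raw)
        and raw[:1] not in (b" ", b":", b"<")   # unsafe first characters
        and raw[-1:] != b" "                    # trailing space would be lost
    )
    if safe:
        return f"{name}: {raw.decode('ascii')}"
    return f"{name}:: {base64.b64encode(raw).decode('ascii')}"

def modify_record(dn, attr, value):
    """One 'changetype: modify' record replacing a single attribute."""
    if not value:
        raise ValueError(f"empty password for {dn}")
    return "\n".join([ldif_attr("dn", dn), "changetype: modify",
                      f"replace: {attr}", ldif_attr(attr, value), "-", ""])

def fds_record(dn, password):
    """FDS side: clear-text userPassword (assumed to be hashed by the server)."""
    return modify_record(dn, "userPassword", password)

def ad_record(dn, password):
    """AD side: unicodePwd is the password in double quotes, UTF-16LE encoded."""
    if not password:
        raise ValueError(f"empty password for {dn}")
    return modify_record(dn, "unicodePwd", f'"{password}"'.encode("utf-16-le"))

def build_ldif(accounts, record):
    """Join the records for all accounts, separated by blank lines."""
    return "\n".join(record(dn, pw) for dn, pw in accounts)

# Constructed sample input: (dn, plain-text password) pairs, not real accounts.
SAMPLE = [
    ("uid=jdoe,ou=People,dc=example,dc=com", "Spring2007!"),
    ("uid=asmith,ou=People,dc=example,dc=com", ":starts-with-colon"),
]

if __name__ == "__main__":
    print(build_ldif(SAMPLE, fds_record))
    print(build_ldif(SAMPLE, ad_record))
```

AD accepts unicodePwd changes only over an encrypted connection, and the generated files hold every password in recoverable form, so they need restrictive permissions and should be deleted after the import.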