IPA and syncing multiple OUs from Active Directory

Hello,

I have IPA deployed in a test environment for proof of concept before moving into production. It took a while to get everything working, but I finally have a working lab with Windows Server 2012 and IPA 2.2 on RHEL 6.3. Users can log in and change passwords, and everything is working properly.

The only issue I have is that I have to have the users in the Users container in AD and that's it. I ran an ldapmodify command to go to an OU and that worked, but then all my users in the CN=Users were removed from IPA. I tried to just run an add and got an error saying that only one entry can be in the config for syncing.

What I'm hoping is that I can add multiple user OUs from AD into IPA. In our production environment, we have multiple user OUs for different sites and I would love to have them all in.

I guess I could just tell the IPA server to replicate from DC=domain,dc=com and leave out the CN=users or OU=usergroup1 and just have it pull everything, computers and Exchange data and whatnot, which is just a waste IMHO.

Please let me know if this is possible.

Thanks

Responses