Active Directory Will Not Synchronize with Red Hat Directory Server via Windows Sync
Environment
- Red Hat Directory Server 8
- Red Hat Directory Server 9
- Microsoft Windows Active Directory (all supported versions)
Issue
- After configuring Windows Sync, Active Directory users and groups will not synchronize over to Red Hat Directory Server. The Directory Server error log indicates that no entries have been sent over from Active Directory after the completion of a total update.
NSMMReplicationPlugin - Finished total update of replica "agmt="cn=AD" (ldap:636)". Sent 0 entries.
Resolution
- Grant the Replicating Directory Changes permission to the Active Directory user account that is used by Red Hat Directory Server to send and receive updates.
Root Cause
- The Active Directory user account that is used by Red Hat Directory Server for synchronization does not have adequate permission to replicate directory changes. Per Microsoft documentation, this permission is required to utilize the Dirsync controls that are used to poll for object attribute changes on Active Directory; this information is then used by Red Hat Directory Server to determine which users and groups to synchronize.
Reference
- Microsoft documentation:
- http://support.microsoft.com/kb/891995
- http://support.microsoft.com/en-us/kb/303972
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments