We currently have just 1 AD driver which handles all our provisioning
from the Vault to the AD domain. We have lately been adding a lot more
attributes and logic and to avoid doing a resync on thousands and
thousands of users and backlogging password changes during that time, I
am seeing how doable it is to simply have 2 drivers. One for password
changes only. The other for everything else. That way if we have to dump
say 50,000 changes to re-sync, password changes will still sync
quickly.

I assume it is basically just writing the correct policys and vetos to
ensure passwords only traverse through the one driver. A new ADD may be
a bit tricky I imagine.

Anyone done this? Thanks!


--
jeff@linux1:~> glxgears
120308 frames in 5.0 seconds = 24061.553 FPS
------------------------------------------------------------------------
jedijeff's Profile: http://forums.novell.com/member.php?userid=4732
View this thread: http://forums.novell.com/showthread.php?t=443185