To synchronize user identity information between Directory Server and Windows Active Directory, IPA employs a plug-in that extends the functionality of the Directory Server Windows Sync utility. This plug-in allows IPA to perform the data manipulation necessary to achieve synchronization between Directory Server and Windows Active Directory. The IPA Windows Sync plug-in uses the ipaWinSyncUserAttr parameter to specify what attributes and values to add to new users that are synchronized from Active Directory.

Refer to the Directory Server Administration Guide for more information on the Windows Sync utility.

Refer to the Directory Server Plug-in Programmer's Guide for more information on working with plug-ins.