ipa-winsync-migrate - Man Page

Seamless migration of AD users created by winsync to native AD users.


ipa-winsync-migrate [options]


Migrates AD users created by winsync agreement to ID overrides in the Default Trust View, thus preserving the actual POSIX attributes already established.

Prior to the actual migration, the winsync replication agreement will be removed to protect the removal of the user accounts on the Active Directory side.

During the migration, group, assigned roles, HBAC rules and SELinux memberships of the synced users will be preserved. Any local copies (created by winsync) of the migrated users will be removed.


After the migration, any PassSync agreements need to be removed from Active Directory Domain Controllers, otherwise they might attempt to update passwords for accounts that no longer exist on the IPA server.



The Active Directory realm the winsynced users belong to.


The hostname of Active Directory Domain Controller the winsync replication agreement is established with.

-U, ā€‰--unattended

Never prompts for user input.


Mar 10 2015 IPA Manual Pages