A long long time ago, in a galaxy far away, we had DirXml implemented with the AD driver (remote loader) and password sync filter (?) option.

Anyway, due to the fact that our machines have both Novell Client and are in AD, when user changed password, it would send them to both directories simultaneously, and usually eDir would be quicker than AD but about 20% of the time, user would get an error on their PC.

A LONG time ago, the "Fix" was to just sync passwords in one direction.

Now, for a variety of political reasons, we're being told we may need to re-enable that so that another group of users in a different Domain can utilize the 2-way trust to change passwords on the AD side of things, but we still have stuff setup to use eDir primarily, so we would need password changes to flow in both directions.

PC's have subsequently been configured in the Novell Client, so that when password changes are performed via Novell Client, it does NOT sync to AD.

I don't know if, in the above scenario, we'd then run into any issues with password changes that were initiated on eDir or AD side of things? I'm thinking we should probably be OK at that point?

Any real-world experience in this matter with the above scenario?