Description of problem: The DS Windows PassSync code need to bind to the IPA DS as a user that has: - permission to write the userPassword attribute - can skip password policies so the password doesn't expire on the next use We should pre-create this user in IPA so it is just a matter of using the right entry when setting up PassSync on an AD install. This account will require a userPassword attribute. We can either set this to the DM password or prompt during an installation. I'm not sure if this account should be cn=config or whether we should replicate it. Either way we probably need this on every master and replica (no way to tell where someone will attach AD).
*** This bug has been marked as a duplicate of bug 471130 ***