7.2. Setting up Active Directory for Synchronization

Synchronizing user accounts alone is enabled within FreeIPA, so all that is necessary is to set up a sync agreement (Section 7.3.2, “Creating Synchronization Agreements”). On the Windows server, it is necessary to create the user that the FreeIPA server will use to connect to the Active Directory domain.
The process for creating a user in Active Directory is covered in the Windows server documentation at The new user account must have the proper permissions: