2 files changed, 7 insertions, 0 deletions

diff --git a/ipa-server/ipa-install/ipa-replica-manage b/ipa-server/ipa-install/ipa-replica-manage
index 07f36a98c..8ba4427ba 100644
--- a/ipa-server/ipa-install/ipa-replica-manage
+++ b/ipa-server/ipa-install/ipa-replica-manage
@@ -44,6 +44,8 @@ def parse_options():
                       help="This is a Windows Sync Agreement")
     parser.add_option("--cacert", dest="cacert",
                       help="Full path and filename of CA certificate to use with TLS/SSL to the remote server")
+    parser.add_option("--win-subtree", dest="win_subtree",
+                      help="DN of Windows subtree containing the users you want to sync (default cn=Users,<domain suffix)")
 
     options, args = parser.parse_args()
 
@@ -108,6 +110,8 @@ def add_master(replman, hostname, options):
         other_args['bindpw'] = options.bindpw
     if options.cacert:
         other_args['cacert'] = options.cacert
+    if options.win_subtree:
+        other_args['win_subtree'] = options.win_subtree
     if options.winsync:
         other_args['winsync'] = True
         if not options.binddn or not options.bindpw or not options.cacert:
diff --git a/ipa-server/man/ipa-replica-manage.1 b/ipa-server/man/ipa-replica-manage.1
index 252d4b977..5d6546c05 100644
--- a/ipa-server/man/ipa-replica-manage.1
+++ b/ipa-server/man/ipa-replica-manage.1
@@ -58,6 +58,9 @@ Password for Bind DN to use with remote server (default is the DM_PASSWORD above
 .TP
 \fB\-\-cacert\fR=\fI/path/to/cacertfile\fR
 Full path and filename of CA certificate to use with TLS/SSL to the remote server - this CA certificate will be installed in the directory server's certificate database
+.TP
+\fB\-\-win-subtree\fR=\fIcn=Users,dc=example,dc=com\fR
+DN of Windows subtree containing the users you want to sync (default cn=Users,<domain suffix> - this is typically what Windows AD uses as the default value) - Be careful to quote this value on the command line
 .SH "EXIT STATUS"
 0 if the command was successful