When I set up my zimbra server I configured it for External Authorization to an AD server.

I have now come to realise what this means in terms of not being able to create temporary test email accounts, and not being able to log into email if the AD is unavailable for any reason.

I believe that having local authorization with GAL Sync from the external AD to Zimbra would better suit my needs.

Am I correct in this?

Assuming a user updates their password on the network - how long would it take for that change to take affect in zimbra?

Do password changes go both ways? If user changed their zimbra password - would it update the AD password? Or it it one-way from the AD to zimbra?

Are there any gotchas associated with configuring it this way?

Could anyone kindly give me a step-by-step howto guide for what I need to do to make the switch.

Thanks in advance.