AD-OD Sandbox

Authored by: tony on Wednesday, March 05 2008 @ 05:14 am MST

THANK YOU SO MUCH!

[ Reply to This | # ]

Authored by: ibgarrett on Wednesday, March 05 2008 @ 09:14 am MST

I hate to say it, but this is just a great start. What would really be cool is to see something along the lines of using AD for podcast producer. :D I really appreciate the work that has gone into this so far. Brian

---
Brian Garrett
brian@garrett.net

[ Reply to This | # ]

Authored by: topcat on Friday, March 14 2008 @ 07:46 am MDT

Another thanks from me!

Another doc like this would be good for finishing this environment off, showing how to enable SMB (domain member) so that you can login on a PC and get your network drive to mount from your mac server.
Ive done this, but its not quite working yet, I dont yet have permissions correct to get the share mounting on my mac and Windows.

Another good guide would be on quotering. How can we get a share on the mac to be quotered both on a mac client and windows client?

[ Reply to This | # ]

Authored by: jadurr03 on Saturday, March 22 2008 @ 01:14 pm MDT

Is there a good way to integrate the new 10.5 with AD if you are not an AD Admin? There is absolutely no way that anything will be able to be changed in AD.

I saw the documentation for integrating 10.4 OD with AD and it doesnt require having access to the active directory, but was curious as to how similar this process would be using the new OS.
This is what I am looking at:
http://www.afp548.com/filemgmt/index.php?id=12

Thanks,
Cortez The Killer

[ Reply to This | # ]

Authored by: Anonymous on Sunday, April 06 2008 @ 02:47 pm MDT

This document is just amazing. I have been trying to get this functionality for several months now, and i already see a couple issues that i need to resolve. Thank You! I have worked with Apple support several times, and each time of course, they want to send a "consultant" at over $650! i think i will stick with this 20 minute approach for FREE. Being in education, we are forced by some staff to utilize mac clients and as an IT admin, i MUST have control over the clients either windows or mac. This fits the bill! Funny thing, i was sent to this site by a mac server tech support person. thanks Apple! LOL

[ Reply to This | # ]

Authored by: Anonymous on Thursday, May 15 2008 @ 11:34 pm MDT

Thanks a ton for the great doc!

One problem: When binding the 10.5 client to AD directly (page 18), I was not able to bind with the 'binder' account, getting a cryptic permissions error. Binding with the AD Domain Administrator account worked fine.

Has anyone else experienced this?

[ Reply to This | # ]

Authored by: stevemci on Wednesday, April 22 2009 @ 11:34 am MDT

I've followed the instructions in the document, but the AD users home folders are being created on the local hard drive instead of the mac server, even though "force local home" is unchecked in the advanced options section of Directory Access/Directory Utility. Managed settings for the AD users (like dock location) are working fine.

The document blithely says to ignore error messages when setting the user home folder on the AD server. The error I'm getting states that the path can't be found. Forward and reverse lookups are working for the mac server so DNS appears to be working.

There must be something I'm overlooking. Where should I be looking to resolve this problem?

[ Reply to This | # ]

Authored by: vulcan on Tuesday, April 28 2009 @ 10:32 am MDT

Great article! We already had AD setup and working OpenLDAP -> AD on Linux, but hadn't got that far on the Mac. I seem to experience some inconsistency in the MCX enforcement (I set screensaver and menu extras settings, some machines take, some don't). I'm not sure if it's how I bind the machines. It seems simply entering the IP for the server in Directory Utility works, but doesn't ask for credentials for binding. If I go into advanced, it will ask.. Seems inconsistent all in all, but I'll keep trying to nail it down.

[ Reply to This | # ]

Authored by: actionbastard on Thursday, July 02 2009 @ 11:59 am MDT

The linked document contains information on the order of directory binding for Mac clients that is in direct opposition to the information that is supplied by Mike Bombich in his whitepaper, "Leveraging Active Directory on Mac OS X".
Specifically, on page 34, Bombich states;

"The client-side configuration is simply a combination of binding to both the Open Directory Master and Active Directory. Note that order is important. Bind to Open Directory first, or verify that the Open Directory node is listed first in the Search Policies tab of Directory Utility. If the Open Directory node is not listed first, managed settings may not be applied, and augmented records will be ignored."

In Corey Carson's whitepaper, on page 27, he states;

"If the Active Directory entry is not above Open Directory, click and drag it above to set it that way (as shown below)."

So the question is, which one is correct or does it not really matter?

[ Reply to This | # ]