cashxx (End User) | Wednesday, October 31 2007 @ 05:59 pm MDT (Read 1629 times)

Did anyone watch the Server webcast the other day on macenterprise.org?
They mentioned "Augmentation Records" but I can't find anything on this feature anywhere. Does anyone know where to find more information on this, or if it's under another name or what?
It's supposed to be able to set AD settings or something without having to extend the AD Schema.
Thanks,
Dan

MacTroll (Admin) | Wednesday, October 31 2007 @ 07:10 pm MDT

We're in the process of doing an article on this and other changes to Directory Services in Leopard.
The short of it is that augmented records allow you to add additional schema for a record into a secondary directory.
In the case of AD this would allow you to add attributes like MCX to an AD user by putting these records into an OD database and binding the client to both AD and OD. The client looks up the user in AD and then adds the additional attributes that are contained in OD to make a full record.
Changing the world, one server at a time.
Joel Rennich

cashxx (End User) | Wednesday, October 31 2007 @ 07:50 pm MDT

Yeah, I know that much, but I'm looking for more info on how to implement it and stuff... I figured it would be on Apple's developer pages or something, but I can't find anything on it. Thanks for the info though... will look forward to the article.
Dan

macshome (Admin) | Wednesday, October 31 2007 @ 08:35 pm MDT

The easy way to do augmented records (The Cylinder of Destiny) is to use a Standard or Workgroup server setup. Then open Server Preferences and import users from another DS. This creates the augments for those users.
We are working on an article for doing this on an advanced server too.
Breaking my server to save yours.
Josh Wisenbaker
www.afp548.com

MacTroll (Admin) | Wednesday, October 31 2007 @ 08:50 pm MDT

Heh, well that's not what you asked.
In short, using them requires Standard or Workgroup server. If you go for advanced you'll have to do all of this by hand, which won't be fun.
With Standard or Workgroup the procedure is essentially:
1. Ensure that you are hosting an LDAP domain and that it has been set up correctly.
2. Bind to AD.
3. Using Server Preferences -> Users, import users from AD. This creates the stub record which does the augmentation magic.
4. Bind your clients to both AD and the LDAP hosted by your server.
5. Use WGM as normal on the "users" in OD that are actually AD users.
Changing the world, one server at a time.
Joel Rennich
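
A client-side check for step 4 of the procedure above, added here as an example and not part of the original thread. It assumes the search path and the user record are read with `dscl` and look like the constructed samples; `od.example.com` is a placeholder host.

```shell
#!/bin/sh
# Added example, not from the thread. Sample text is constructed and
# od.example.com is a placeholder. On a real client, pipe in:
#   dscl /Search -read / CSPSearchPath | search_path_report
#   dscl /Search -read /Users/SHORTNAME | record_has_mcx

# Reads a search-path listing on stdin, prints which directory nodes it
# found, and succeeds only when both an AD and an LDAPv3 node are present.
search_path_report() {
    awk '
        /^[ \t]*\/Active Directory\// { ad = "yes" }
        /^[ \t]*\/LDAPv3\//           { od = "yes" }
        END {
            if (ad == "") ad = "no"
            if (od == "") od = "no"
            printf "AD=%s LDAPv3=%s\n", ad, od
            exit !(ad == "yes" && od == "yes")
        }'
}

# Reads a merged user record on stdin; succeeds if it carries MCXSettings.
record_has_mcx() {
    grep -q '^MCXSettings:'
}

SAMPLE_BOTH='CSPSearchPath:
 /Local/Default
 /BSD/local
 /Active Directory/All Domains
 /LDAPv3/od.example.com'

SAMPLE_AD_ONLY='CSPSearchPath:
 /Local/Default
 /BSD/local
 /Active Directory/All Domains'

printf '%s\n' "$SAMPLE_BOTH"    | search_path_report
printf '%s\n' "$SAMPLE_AD_ONLY" | search_path_report ||
    echo "step 4 incomplete: client is not bound to both directories"
```
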

cashxx (End User) | Wednesday, October 31 2007 @ 09:33 pm MDT

Ahhh...shoot
I was afraid that was the setup! It would be a pain when new accounts are made in AD... you would then need to import that new user into OD as well. We are always adding and removing accounts in AD; it would be just an added pain for the admin to have to do this each time.
Thanks for the quick replies and info! Still looking forward to reading the articles though!
-Dan

JohnOgle | Thursday, November 01 2007 @ 02:00 pm MDT

1. Ensure that you are hosting an LDAP domain and that it has been set up correctly.
2. Bind to AD.
3. Using Server Preferences -> Users import users from AD. This creates the stub record which does the augmentation magic.
4. Bind your clients to both AD and the LDAP hosted by your server.
5. Use WGM as normal on the "users" in OD that are actually AD users.
I've followed this on a clean install through step 4. However in WGM I don't see additional users listed in the LDAP directory. I can find them using the inspector and viewing the Augment records directly.
When logging into an augmented user from a client machine bound to the AD and then the OD server, any mcx or other management settings are not applied to the session and nothing shows up in an mcxquery for the augmented user. Authentication works just fine through AD.
Management application of normal user accounts stored in OD works just fine.
I've tried both with and without using a mobile account, but there is no difference on the management part.
Has anyone run into this or something similar? Any ideas on where to look next?

poobie | Tuesday, November 06 2007 @ 11:34 am MST

John - I'm seeing the same behavior. Additionally, augmented users are unable to log in to the calendar server. It makes principals for them, but will not allow them to auth.

JohnOgle | Tuesday, November 06 2007 @ 01:21 pm MST

Well, it's good to know I'm not alone in this. I'm pretty sure I've confirmed it as a bug in a conversation with an Apple Engineer, so here's hoping for 10.5.1.