Hello,
I have an ad forest/domain in which I am using ou delegation to control access to computers and member servers.
What I want to be able to do is to add a mac os x (10.3) client or server to a "computers" container within an ou (which I have delegated administration).
The problem --
OS X clients allow any domain user to authenticate, even users that are not members of the "Domain Users" group.
I want the OS X client to ONLY allow access based on policies
or at the very least group membership established by the ou administrator.
Any ideas?
Thanks