Home Forums OS X Server and Client Discussion Active Directory Allow Administration By not working 10.6.3 (or even in 10.5)

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • May 11, 2010 at 8:53 pm #378580
    hkim823
    Participant

    I’ve for years now have had trouble getting the Allow Administration by field to work properly in OS X. It wasn’t a problem before I just ignored it but I can’t any longer.

    It doesn’t work through the GUI, but when I try via command line

    sudo dseditgroup -o edit -a “DOMAIN\domain admins” -t group admin

    where DOMAIN is the name of my domain (in all caps) the response back is “Group not found”

    Any ideas?

    May 14, 2010 at 7:59 am #378594
    Richard Mallion
    Participant

    Hi there

    This is a known bug, currently have a bug report open with Apple for it.

    As a nasty workaround we ended up adding the set users to OS X’s local admin groups.

    Hopefully it will be fixed at some point.

    Richard

    May 16, 2010 at 6:30 am #378600
    MacG
    Participant

    Any news or tips on how to get this to work ?

    Strangely, it does work sometimes for me, but after a restart it goes away again.. And comes back after a restart.

    I have seen computers with 10-15 users, where they all come up as Admins, but after a restart it´s gone again.

    This is what´s in the log:

    2010-05-11 20:29:49 CEST – T[0x0000000101C10000] – Active Directory: Could not find GUID for SDE\\Domain Users to update admin group
    2010-05-11 21:17:40 CEST – T[0x00007FFF7024DBE0] – DNSServiceProcessResult returned -65563
    2010-05-11 21:18:25 CEST – T[0x0000000101A87000] – Active Directory: Could not find GUID for SDE\\Domain Users to update admin group
    2010-05-11 21:21:49 CEST – T[0x0000000101981000] – Active Directory: Could not find GUID for SDE\ to update admin group
    2010-05-11 21:22:22 CEST – T[0x00007FFF7024DBE0] – DNSServiceProcessResult returned -65563
    2010-05-11 21:23:07 CEST – T[0x0000000101C10000] – Active Directory: Could not find GUID for to update admin group

    (The AD Domain is internal)
    Does DNS play a role in this ?

    March 29, 2011 at 8:43 am #380587
    berrty
    Participant

    Strange to see the same problem that I am having with the Allow Administration by field in OS X here too and I am relieved to see that it is due to some bug and that the admn groups are working on it and it will hopefully be fixed soon!!

    March 29, 2011 at 2:31 pm #380588
    hkim823
    Participant

    Since posting this, my AD admin turned on a feature that “magically” made this start to work. I forget the exact wording, but it has to do with AD groups being able to view permissions of AD groups (something that by default is not turned on it seems in a standard AD setup). Next time I see my AD guy I’ll ask him exactly what it is.

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.