Home Forums OS X Server and Client Discussion Open Directory Creating Mac Computer Records in OD (Magic Triangle)

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • December 5, 2007 at 8:28 pm #370735
    dds
    Participant

    My Macs are being upgraded to Leopard. My Mac servers are running Leopard already. All my Mac desktops are bound to AD 2003 and will soon be in OD too (for the purpose of managing policies on the Macs via MCX) Enter the “Magic Triangle”.

    It seems to me that (at least prior to 10.5 Leopard) the process of binding a Mac desktop to OD (and the associated back end Administrator work required in WGM for user management – i.e.; adding the Mac by MAC address etc) has been tedious, clunky and prone to human error.

    Good news (I think): I have noticed by accident that I was unable to add a Mac computer in OD if the same computer name already exists in AD. This is good right? I mean, I no longer have to manually add a computer object record in OD for all of my 200 Mac desktops. But…

    Bad news: It looks to me that WGM STILL needs to have each Mac desktop computer’s MAC address (i.e.; Ethernet ID) added manually before MCX policies can be applied. Can anyone confirm this please? Do I still need to add each Macs MAC (Ethernet) address to their corresponding OD computer record?

    Apple doesn’t indicate that you can now add Mac computer records into OD by using the existing AD computer record. I would love to NOT have to mess with manually adding each Mac’s unique name and MAC (Ethernet ID) address into WGM.

    Can anyone confirm or comment on the observations and questions I have please?

    Thanks

    August 21, 2008 at 2:22 am #373839
    drstaind
    Participant

    I too am having the same issue with 10.5.4 servers WGM.
    Machines are happy to bind to OD and AD – records are generated with the AD tree, yet before MCX management of these objects can be applied, the machine must be manually added with MAC address etc.

    Has anyone else been able to find a reliable resolution to this workflow?

    Would be very happy to hear of any functionality I might be missing.

    January 12, 2010 at 6:44 am #377806
    xenedar
    Participant

    Ah. This is the same as [url=https://www.afp548.com/forum/viewtopic.php?showtopic=25933]my question[/url].

    Can anybody provide any insights?

    February 1, 2010 at 11:49 pm #377920
    xenedar
    Participant

    I’m still struggling with this. The only way I can make computer accounts in OD is to disable AD temporarily, make the account, then re-enable AD.

    Is this a common issue? I’ve configured it in a fairly out-of-the-box sort of way. It seems odd to me, as the Magic Triangle configuration is supposed to still be a valid arrangement in 10.6.

    Is it possible to disable OD’s mapping of AD computer accounts? ie: to use users and groups but become unaware of the machine accounts?

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.