Rudgie_14

Q: two OD masters on same network

I work at a school where we have about 400 MacBooks and 100 or so Windows machines. We have a golden triangle set up between our old Snow Leopard server connected to AD and running OD master. So our client machines are bound to both AD and OD: AD for the Windows authentication and OD for the preferences to lock down the machines.

Now we want to upgrade our Mac mini Snow Leopard to at least Mavericks with Server 4 so that we can use Profile Manager instead. There is no easy way to transition from Snow Leopard to Mavericks while having machines still using the OD server.

Is it possible for us to set up another server with Yosemite and OS X Server 4, so it also is bound to AD to get the list of machines so that we can manage them? My thought is that when we reimage our new Yosemite laptops we can bind them to the AD and the new Server 4 OD. So have both OD servers running at the same time, but have the older Mavericks laptops getting their preferences from Workgroup Manager on the old server and our newly done machines grabbing profiles instead off of the new machine. And once we have all laptops in the workplace using profiles we can simply remove the old Snow Leopard server.

 

Making sense?? Hoping that someone is in the same boat and has already done this. I just don't want any conflicts between the two servers or laptops trying to connect to both. I assume that for the new machines to grab profiles they would need to be bound to the new AD?

 

Whew... that's a lot of information. All I need now is a simple answer so we can start our imaging process for the bloody staff who require the latest!!

 

Cheers.

Mac mini, Mac OS X (10.6.5)

Posted on Aug 5, 2015 5:09 PM

  • by John Lockwood, Aug 6, 2015 5:31 AM in response to Rudgie_14

    It is possible to bind all versions of OS X client to the same single version of OS X Server. You will be far better off doing the following.

     

    • Build your new server on a test network
    • Use exactly the same host name and IP address; this means you also need a matching DNS server on the same test network
    • Archive your existing old Open Directory
    • On the new Open Directory server restore the archive
    • Shut down the old server
    • Connect and boot the new server
    • Test, test, test

     

    Obviously do the last few steps when pesky users are not around if at all possible.

     

    Note: Apart from login/logout hooks, it seems most/all MCX preferences set in Workgroup Manager will still work with even Yosemite clients. It also seems that if the same setting is done via Workgroup Manager and Profile Manager then Profile Manager takes precedence. So as you enrol each Mac, Profile Manager will take over.

     

    I would strongly advise going straight to Yosemite and the latest Server.app - currently 4.1.3

     

    It would theoretically also be possible to do the following.

     

    • Keep your existing Snow Leopard Server as the main Open Directory server
    • Set up a new Yosemite+Server.app server as a Profile Manager server
    • Bind the new Yosemite+Server.app to the Snow Leopard and Active Directory servers

     

    With the above approach the new Yosemite+Server.app server will use its own dedicated Open Directory just for Profile Manager; it should use Active Directory to authenticate users, even for accessing Profile Manager. You may need to adjust the search order in Directory Utility. Binding it to the Snow Leopard Server would not make much difference as the Snow Leopard Server would not be needing to manage preferences on the new server.

     

     

    PS. It is possible to have two different OD Masters on the same network but these need to be two different Open Directory systems, with different host names and realms. If you were to connect to both then only the one listed first applies.
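
The reply above says a client connected to two OD masters only honours the one listed first in the search order. The following is an added example, not part of the original thread, that reads a client's search path and reports which Open Directory node comes first. The host names and the sample output are constructed placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Constructed sample of `dscl /Search -read / CSPSearchPath`
# output on a Mac bound to AD and two OD masters (all names are placeholders).
SAMPLE_SEARCH_PATH='CSPSearchPath:
 /Local/Default
 /Active Directory/SCHOOL/All Domains
 /LDAPv3/old-od.school.example
 /LDAPv3/new-od.school.example'

# Print the directory nodes in search order, one per line. Handles both dscl
# layouts: one node per line, or all nodes on the attribute line.
search_nodes() {
  awk '{
    sub(/^CSPSearchPath:/, "")
    gsub(/[ \t]+\//, "\n/")            # every node path starts with "/"
    n = split($0, parts, "\n")
    for (i = 1; i <= n; i++) if (parts[i] ~ /^\//) print parts[i]
  }'
}

# Print only the Open Directory (LDAPv3) nodes, still in search order.
od_nodes() {
  search_nodes | awk '/^\/LDAPv3\//'
}

# Report which OD node is listed first.
# Exit status: 0 = one OD node, 1 = bound to several, 2 = none found.
check_od_binding() {
  nodes=$(od_nodes)
  count=$(printf '%s\n' "$nodes" | awk '/^\/LDAPv3\//{c++} END{print c+0}')
  first=$(printf '%s\n' "$nodes" | head -n 1)
  case "$count" in
    0) echo "no Open Directory node in search path"; return 2 ;;
    1) echo "single OD node: ${first#/LDAPv3/}"; return 0 ;;
    *) echo "bound to $count OD nodes; first listed applies: ${first#/LDAPv3/}"
       return 1 ;;
  esac
}

# On a real client: dscl /Search -read / CSPSearchPath | check_od_binding
printf '%s\n' "$SAMPLE_SEARCH_PATH" | check_od_binding || true
```

Run across the fleet during a staged migration, a non-zero exit status picks out the machines that are still bound to the old server or to both.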