2763 Views 10 Replies Latest reply: Aug 18, 2007 9:14 AM by Bruce Carillon1
You can easily use Workgroup Manager to edit Active Directory records.
When in Workgroup Manager the little icon above the accounts list shows you the directory you're viewing. Set that (if it isn't already set) to your Active Directory domain. You'll see the directory accounts and can change them just as you world any other accounts.
The limitation is that you cannot create new user accounts via Workgroup Manager - that has to be done with Microsoft's tools on a Windows machine.
Thanks for the replies...
My first attempt to do this resulted in me being able to see AD users & groups but when I tried to apply settings to restrict access to certain System Preferences it would allow me to apply them. I always got an error message.
I have read the Mike Bombich white paper and get lost in a few of the steps along the way.
If that's my best option I will continue to try it... otherwise I'm open to working with someone over the phone or in person. I called a few consultants from the Apple Consultant list and have had no reponse.
Okay, I have now gotten a bit further...
Both the server and client are "bound" to AD. In WM I have set up a group in my LDAPv3/127.0.0.1 that includes one user selected from our active directory. I then select Preferences and then make a few changes etc. I click save and done and get no errors.
At a client machine I log in as that user and check to see if any of the preference controls are in place. They are not.
So what should I check now? Thanks!!
Still closer yet...
If I log into the server using the AD account that I used to set up the server, I am able to control prefs.
So, I then added that user to the group and had them log into a client machine. Prefs are not controlled. So it appears the client is not receiving the WM controls for the group/user.
How should I troubleshoot this? Thanks
In order to achieve user management for AD accounts, you'll have to setup Directory Access on clients to use LDAP and point to your OD master where you specified user management. This way, client macs will be bound to AD and also to OD. In Directory Access, make sure Search path has AD before OD.
This should do the trick
Message was edited by: costicladop