
I need a Mac OS X Server/Active Directory guru!

We have a 2003 AD network. I have successfully bound all Macs and the OS X Server to the AD. Users log in and validate against AD on their Macs. That all works great!

Now, I want to use OS X Server to control users and groups with Workgroup Manager. I really don't have any idea where to start. The server is bound to AD and the server software has been installed and updated. Is there a document that offers step-by-step instructions for what to do next? Any tips or links to documents that would help would be greatly appreciated.

I would also consider hiring a consultant to walk me through it...

Thanks

PowerMac G5, Mac OS X (10.4.10)

Posted on Aug 15, 2007 7:21 PM

10 replies

Aug 16, 2007 1:22 AM in response to Bruce Carillon1

You can easily use Workgroup Manager to edit Active Directory records.

When in Workgroup Manager the little icon above the accounts list shows you the directory you're viewing. Set that (if it isn't already set) to your Active Directory domain. You'll see the directory accounts and can change them just as you would any other accounts.

The limitation is that you cannot create new user accounts via Workgroup Manager - that has to be done with Microsoft's tools on a Windows machine.

Aug 16, 2007 10:11 AM in response to Camelot

Thanks for the replies...

My first attempt to do this resulted in me being able to see AD users & groups but when I tried to apply settings to restrict access to certain System Preferences it would allow me to apply them. I always got an error message.

I have read the Mike Bombich white paper and get lost in a few of the steps along the way.

If that's my best option I will continue to try it... otherwise I'm open to working with someone over the phone or in person. I called a few consultants from the Apple Consultant list and have had no response.

Thanks

Aug 17, 2007 11:28 AM in response to Bruce Carillon1

Okay, I have now gotten a bit further...

Both the server and client are "bound" to AD. In WM I have set up a group in my LDAPv3/127.0.0.1 that includes one user selected from our active directory. I then select Preferences and then make a few changes etc. I click save and done and get no errors.

At a client machine I log in as that user and check to see if any of the preference controls are in place. They are not.

So what should I check now? Thanks!!

Aug 17, 2007 12:26 PM in response to Bruce Carillon1

Still closer yet...

If I log into the server using the AD account that I used to set up the server, I am able to control prefs.

So, I then added that user to the group and had them log into a client machine. Prefs are not controlled. So it appears the client is not receiving the WM controls for the group/user.

How should I troubleshoot this? Thanks

Aug 17, 2007 7:28 PM in response to Bruce Carillon1

Bruce,

In order to achieve user management for AD accounts, you'll have to set up Directory Access on clients to use LDAP and point to your OD master where you specified user management. This way, client Macs will be bound to AD and also to OD. In Directory Access, make sure Search path has AD before OD.

This should do the trick 🙂

Message was edited by: costicladop
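
The search-path ordering described in the last reply can be checked on a client from the command line. This is an added example, not part of the original thread: it verifies that an Active Directory node appears before the LDAPv3 (Open Directory) node in a search-path listing. It assumes the listing has one node per line, as printed by `dscl /Search -read / CSPSearchPath`; the host name `od.example.com` and the sample listing are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): check that the authentication search
# path on a client lists Active Directory before the Open Directory (LDAPv3)
# node that holds the managed-preference settings.
# Assumption: input is one node per line, as printed by
#   dscl /Search -read / CSPSearchPath

# Print the 1-based position of the first node whose path starts with $1
# (0 if no such node). The listing is read from stdin.
node_position() {
    awk -v prefix="$1" '
        {
            sub(/^[A-Za-z]*SearchPath:/, "")   # drop the attribute-name label
            sub(/^[ \t]+/, "")                 # drop leading indentation
            if ($0 == "") next
            n++
            if (!found && index($0, prefix) == 1) found = n
        }
        END { print found + 0 }'
}

# Return 0 if AD precedes OD, 2 if AD is missing, 3 if OD is missing,
# 4 if both are present but OD comes first.
check_search_order() {
    listing=$(cat)
    ad=$(printf '%s\n' "$listing" | node_position "/Active Directory")
    od=$(printf '%s\n' "$listing" | node_position "/LDAPv3/")
    if [ "$ad" -eq 0 ]; then
        echo "FAIL: no Active Directory node in the search path"; return 2
    fi
    if [ "$od" -eq 0 ]; then
        echo "FAIL: no LDAPv3 node in the search path (client not bound to OD)"; return 3
    fi
    if [ "$ad" -gt "$od" ]; then
        echo "FAIL: LDAPv3 (position $od) is searched before AD (position $ad)"; return 4
    fi
    echo "OK: AD (position $ad) is searched before LDAPv3 (position $od)"
}

# Constructed sample listing; on a real client, pipe the dscl output in instead:
#   dscl /Search -read / CSPSearchPath | check_search_order
SAMPLE='CSPSearchPath:
 /NetInfo/DefaultLocalNode
 /Active Directory/All Domains
 /LDAPv3/od.example.com'
printf '%s\n' "$SAMPLE" | check_search_order
```

A result of 3 matches the symptom earlier in the thread, where the client was bound only to AD and never received the Workgroup Manager settings.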
