Nesting AD Groups into Local Groups with dseditgroup
Im trying to add an AD group named “Mac Power Users” from my AD domain named “AD01″ to the local admin group on my Leopard Macs (which are bound to AD). The dseditgroup command hates the syntax. See below for the error:
m006cafvux:~ root# dseditgroup -o edit -a “AD01\Mac Power Users” -t group -n . admin
record ““AD01Mac” of type “dsRecTypeStandard:Users” not found.
ERROR: A Directory Service error occured.
-14136: eDSRecordNotFound
It looks like it doesnt know how to interpret the domain and/or group. The group and domain are correctly spelled and both exist.
I found this site with a similar example of nesting groups. However, it doesnt work for me:
http://patternbuffer.wordpress.com/2008/02/17/notes-on-leopard-ad-plugin-1052/
m006cafvux:~ root# dseditgroup -o edit -a “AD01\Mac Power Users” -t group -n . admin
record ““AD01Mac” of type “dsRecTypeStandard:Users” not found.
ERROR: A Directory Service error occured.
-14136: eDSRecordNotFound
It looks like it doesnt know how to interpret the domain and/or group. The group and domain are correctly spelled and both exist.
I found this site with a similar example of nesting groups. However, it doesnt work for me:
http://patternbuffer.wordpress.com/2008/02/17/notes-on-leopard-ad-plugin-1052/
Xserve, Mac OS X (10.5.3)