dsconfigad binds to Active Directory domain, logins fail in 10.6.2

Hi

This bit looks odd?

ou=Macs,dc=example,dc=com

Have you modified the schema by any chance? Normally you would see something like: ou=computers,dc=example,dc=com. You could try this instead?

dsconfigad -f -a (computer name) -domain (domain) -u (AD domain admin user name) -p (password)

Where (computer name) is either the result of issuing "hostname" or what's specified in the Sharing Preferences Pane. Followed by a restart. What sometimes happens is the entry does not get added to the Search Policy. If this is an AD-OD integrated environment with mac style GPOs being provided by OSX Server and you've 'joined' the client workstation to OD first AD won't automatically add itself to the search policy after binding.

Occasionally (depending on the limitations of the AD environment) using the interface is all that works. Perhaps this is one of those occasions?

HTH?

Tony

Hi

+"this looks like a bug to me?"+

I think you may be right. To be honest dsconfigad has never worked properly for me, dsconfigldap on the other hand works - for me anyway. I guess you could try using -f (force) switch? Invariably I end up using the GUI initially to bind one mac and then issue the command using ARD as well as copying the SearchNodeConfig.plist and sometimes the DirectoryService.plist making sure the second key lists "Active" rather than "Inactive". Restart afterwards.

When binding mac workstations to AD they automatically get added to the Computers OU anyway as the utility quite rightly points. There's no need to specifically define it although there's no harm if you do. It's about the only thing in terms of hardware you can 'control' other than user account and network profile. Still can't apply AD Policies to it though. Unless you're interested in modifying the Schema.

HTH?

Tony