Big Sur troubles with Active Directory

Question

Big Sur troubles with Active Directory

I state that in our company there are three different domains

corp.mydomain.com (mydomain.com is the external address)

mydomain2.com

corp.mydomain3.com

I have "almost" the same problem reported at this link

https://discussions.apple.com/thread/252893707

Computers used for testing:

MacBook Pro 13' 2017

iMac pro 27' Retina 5K 2017

Both with Big Sur 11.5.2.

Trying the binding on mydomain2.com things seem to work

the domain in the login options of the system preferences appears correctly with capital letters (MYDOMAIN2)
I can modify the various options of "Utility Directory (UD)".
navigate the "Active Directory/MYDOMAIN2/All Domains" with the "directory editor" of UD
the network users connect correctly and create their Home directories.
at reboot everything continues to work properly (or so it seems)

...But if I try to bind with corp.mydomain.com

the domain in the login options appears with lowercase letters (mydomain), which is wrong in my opinion, and initially seems to work at least until I try to change any option of UD ("Create mobile account at login" and/or" Allow administration by:..." ) and save the changes or restart the computer .

At this point in the login options appears a second domain in uppercase (MYDOMAIN) with the same problems reported in the discussion that I cited previously, so summarizing ...

in the login options of the system preferences appear two domains one in lower case and one in upper case
I can modify the various options of "Utility Directory (UD)", but they seem to be a cause (or at any rate a concurrent cause) of the problem
after the reboot I can add the "new" domain (the one in uppercase) to the "Authentication Search policy" but I CANNOT browse the "Active Directory/MYDOMAIN/All Domains" with the "directory editor" of UD, and I get a popup reporting the error "Connection to the directory server failed (2100)"
network users do NOT connect or create their home directories.
at the reboot the tiny domain disappears from the Login Options but remains in the "Authentication Search policy" and "Contacts" of UD

Unfortunately I can't bind computers to mydomain2.com or corp.mydomain3.com both domains will be migrated to corp.mydomain.com within few months, and also I have limited administrative rights on corp.mydomain3.com.

PS. I apologize for my bad English, and I hope to have been sufficiently clear.

Posted on Aug 23, 2021 7:45 AM

Reply

Answer 1

Sep 7, 2021 7:14 AM in response to Old Toad

Sorry Old Toad if I'm only responding now but, lucky for me, I took a couple of weeks off (I really needed it).

I preferred to restart with a new clean Big Sur installation, just to be sure...

Here is the report after the first reboot from the bind , I hope it will be useful, we didn't find any useful data to solve the problem.

EtreCheck report after bind first reboot

Reply

Answer 2

Old Toad

Level 10

210,407 points

Aug 24, 2021 9:09 AM in response to Cesare Cerutti

To get an idea of you current setup download and run Etrecheck. Etrecheck is a diagnostic tool that was developed by one of the most respected users here in the ASC and recommended by Apple Support to provide a snapshot of the system and help identify the more obvious culprits that can adversely affect a Mac's performance.

IMPORTANT:

Before running Etrecheck assign Full Disk Access to Etrecheck in the Etrecheck's Privacy preference pane so that it can get additional information from the Console and log files for the report:

Also click and read the About info to further permit full disk access.

Copy the report

and use the Additional Text button to include the report in your reply.

Then we can examine the report and see if we can determine what might be causing the problem. Also print out the report for your IT personnel to look at.

Reply

Answer 3

Old Toad

Level 10

210,407 points

Aug 23, 2021 9:18 AM in response to Cesare Cerutti

That sounds like questions you should be asking your web hosting company.

Reply

Answer 4

Aug 24, 2021 1:46 AM in response to Old Toad

Thanks Old Toad, could you suggest what to ask the provider?

Which, by the way, is another department also of the company where I work, and so far they have not been able to find anything that could cause the problem... (and of course with Windows and Linux everything works correctly)

Reply

Answer 5

Sep 8, 2021 4:58 AM in response to Old Toad

Hi, unfortunately the problem recurs in the exact same way as stated in the first post....

The most depressing thing is that from the Domain Controller from the logs do not show any error, while on the Mac I can not find any clue that may suggest or not where and how to act.

It's starting to get depressing...

Reply

Answer 6

Old Toad

Level 10

210,407 points

Sep 7, 2021 8:56 AM in response to Cesare Cerutti

No problem. Everyone needs some decompression time when things get screwy.

The report looks clean. As you restore your user files let us know how it goes.

Reply

Big Sur troubles with Active Directory

Similar questions