Same here I'm afraid. Rebinding to my 2K3 R2 domain corrected the issue for a while but it is still flaky (I get network accounts unavailable or active directory inaccesible from time to time).
1- delete Lion machine account from AD (and force replication if you have multpiple DCs)
2- logon to Lion with a local admina account (do not use the domain/mobile account you already have)
3- unbind, reboot, rebind to AD, reboot
4- Check AD tool in Lion, make sure all of the search paths for directory services are there. If you click the + sign you may find there is one path missing.
Again, rebinding got me past the initial issue where it would not see my AD environment whatsoever BUT, the problems are not fixed. Looking at the console while you troubleshoot this may give you some clues. Can't wait for apple to start issuing patches.....
I just posted similar question. I have only upgraded one mac so far as a test. I cannot bind to AD at all. I get to point where it is "getting AD domain info" and then it eventuall fails with "Authentication server could not be contacted."
I've tried several times. When I look inside the Directory Service directory, there is nothing there.
I will try some of the suggestions above to see if this helps, but I sure hope Apple comes out with a patch as I really do not want to be removing and readding over 400 computers to AD and rebinding them!!
There are a ton of threads on the Googles about this problem. For giggles I'm going to call Applecare tomorrow.
A script in this thread might be promising, but I haven't tried it.
same trouble, this was the only fix I found only works until machine is rebooted:
1. unbind machine
2. rename machine
4. login as local user
5. in directory utility go to services
6. enter active directory name
7. check create mobile and require confirm (optional)
8. check prefer this domain controller, enter full primary domain controller
9. check allow auth for any domain in forrest
10. enter ad name
12. logout (network login will be unavailable)
13. login local admin
14. go to search policy
15. make for custom path - click + add /active directory/domain
16 move /active directory/domain up above /active directory/domain/all domains
17. click + then cancel out of that
18. it will now be able to login to network --- but don't reboot.
Called enterprise support on this, they are well aware of the problem, and have been since day 1 of the official release. Their response "We are looking into this matter....".
Gee thanks apple. Now we know why lion upgrade was selling for $25.
I have successfully added my systems to AD with no issues. But at the login screen I get a message bubble with the following error "Network Accounts Unavailable". In System Pref. I have a green dot show AD is up and running but at the login screen it's red with the error message. Anyone else having this issue?
Are you able to log in with a domain user?
This is the same problem we were having.
Luckily I'm in a position where I can work directly with Apple sw engineers on diagnosing the problem.
Here's the main issue.
The green light in that window means the computer can see a domain controller as a valid address.
The login screen is active negociation.
aaron-wy is correct in pointing out that you need to use Directory Utility to manually add your search path. If you look at your opendirectoryd log files in Console you'll see timeouts to /ALL DOMAINS/.
When you hit the + button, you'll see your actual domain there instead the generic catch-all.
Add it, give the priority, and apply it. Give it about a minute for the computer to realize what just happened. Try a quick user switch and you should be able to authenticate (and encounter the next bug shortly after).
You'll authenticate and if you active quick user switching you'll be listed as your user name in all caps. If you log out and log back in, even with quick user switch, you'll log in as your display name. Lion sees this as two different accounts but the same home folder. No programs will launch (1 bounce then instant close) and Safari will launch slowly. You need to restart and hope you can login to the correct account (user name not display name).
Thank You for your help mwfischer and aaron-wy.
I added the search path and I got it to work. But, the only small issue I found now is that our AD domain admin accounts can no longer be administrators to the computers without checking the "Allow to administer computer" check box. With Snow Leopard our domain admin accounts were able to administer the computers without further tweaking. This is small issue and I can work around it by creating a local admin account or enabling root. But if anyone knows a fix please share. Thanks again.
I've had pretty good luck by resetting the directory services configuration. Typically, this involves deleting the whole OpenDirectory folder in /Library/Preferences, rebooting, then binding again with dsconfigad or Directiry Utility. By the way, the syntax fir dsconfigad has changed a bit in Lion. The advantage of using it instead if Directory Utility us that you get more detailed error messages.
Note that if you're running Lion Server, you'll need to rebind to your shared LDAP (OpenDirectory master) domain as well. Your LDAP database, password server store, and KDC should be just fine, but your server won't be able to contact them as it should until you rebind.
Well, once Apple releases the update 10.7.2 this should fix the AD bind issue. It is only in preview for ADC members right now, but I loaded it and was able to create my domain account and mobile account. Rebooted system, and was able to log back in with same domain account.
It aso seems to fix the SMB share connection issue. Yay.
Another oddity in case you have not noticed but in /Users/<user ID>, the /Library directory is invisible!