Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: MattRK
MattRK Author
User level: Level 1
0 points

Not all AD Network Groups are showing up

Let me preface this question by stating that i am aware that Active Directory integration is "broken" in 10.7 (and 10.7.1). For me, I've been able to successfully get most of my 10.7 machines bound to our AD domain. We still run into issues after reboots and struggle when adding new machines to the domain but after some work we are able to get it added. I don't think this problem/question is related though i suppose it might be if AD is seriously broken.


In 10.7 when i pull up the "Get Info" window for any folder and then click on the plus sign under the Sharing & Permission section to add permissions, i don't see all of our Active Directory Network Groups (Security groups as they are called in AD). I only see about 20 or so of our security groups. (We have about 75-100) This problem is limited to 10.7 and 10.7.1. In 10.5 and 10.6 i see all of our groups listed.


I've narrowed the problem down to the fact that the missing network groups do not contain the "displayName" attribute on the Active Directory side. The groups that do have the displayName attribute show up in the Network Groups section on Lion. In 10.5 and 10.6 the groups that don't have a displayName attribute are still listed but are listed as "Domain\Network Group Nam." I have tested manually adding the displayName attribute to a security group in AD and have verified that after doing this the group does show up under the Network Groups section in Lion.


Does anyone know why this is or how to fix it? (Other than manually adding the displayName attribute to all our groups in AD) Is there some sort of command i need to run in Lion to map the cn attribute to the network group name in Lion? As for the AD side, i think the only reason that some groups have the displayName attribute is that those groups are also distribution groups with email addresses on our Exchange server. The security groups that don't have email addresses are just regular global security groups and don't contain this attribute. The displayName attribute must be something that Exchange is adding to those security groups.


I would appreciate any help you can provide.

Mac Pro, Mac OS X (10.7.1)

Posted on Sep 15, 2011 8:45 AM

Reply

There are no replies.

Not all AD Network Groups are showing up

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up