Profile Manager web only management using Active Directory users and groups

Does anyone know how to set Profile Manager up so that, under Users or Groups on the myserver.com/profilemanager/ page, it just displays "Search for Users" or "Search for Groups" and allows you to search Active Directory through this page?


A friend has this set up, though he can't remember how he did it.


If the server is set up this way then Profile Manager can be managed completely from the web page and there is no need to manually import users into the Server app. For both Active Directory users and groups you are able to just search for the user or group that you want to apply profile settings to or assign devices to and do it completely from the web page. This is an ideal setup.


Thoughts on how to make this work?

Mac mini, Mac OS X (10.7.4)

Posted on May 22, 2012 2:43 PM


May 29, 2012 12:29 PM in response to Pedro Santos Logica

Thank you Pedro,


Here is what I have set up so far.


I updated OS X to 10.7.4

I used Directory Utility to join OS X to AD.

I followed these directions to set up Profile Manager. http://krypted.com/iphone/setting-up-profile-manager-in-lion-server/

I installed the OS X Server Admin Tools

I launched Server Admin to grant access to Profile Manager for Domain Admins and Domain Users. (Adding Domain Admins first allows admins to log in to the /profilemanager page to manage Profile Manager. Domain Users can log in to the /mydevices page.)

Launched Server App and under Groups I edited the Workgroup group and added Domain Admins and Domain Users. (Again Domain Admins first followed by Domain Users. The order seems to matter as far as the server recognizing the admin rights of the domain admins group.)

Followed these directions to change the web authentication to plaintext to work with AD Logons http://support.apple.com/kb/HT4837

Then launched Profile Manager and checked the box under the About tab for the Workgroup group for "Can Enable Remote Management".


These steps above get me to a functional profile manager that works with AD groups and AD logins for the /profilemanager and /mydevices page.

I can search for groups under the groups section, but under the users section I can only see local users or users that are imported from Active Directory.


To import users from Active Directory you launch the Server app and under the Users section click the +. There will be a pulldown to import a user from another directory. If you start typing a name you should see names populate in the search window that you can select and choose to import.


What I seem to be missing is a piece that allows the user section of the /profilemanager webpage to do a query search of Active Directory. If this were set up then manually adding users through the Server app wouldn't be necessary. I have tried some extra steps for setting up the Magic Triangle, but have so far had no luck with those if they are even needed.


This command to stop Kerberos for the Open Directory master fails at the step to remove the logon: http://docs.info.apple.com/article.html?path=ServerAdmin/10.6/en/odfd7bf26f.html

If that were to succeed then using this command sudo dsconfigad -enableSSO would kerberize the AD in the computer.

Even if that were working I'm not sure that is what is required to get AD queries to work on the webpage.


I get the impression that what I want to do is possible with some hackery, but is outside Apple's supported use design for Profile Manager.


Ian
