Fixed #2, iCal authentication.
Anyone know why #1 and #3 don't happen?
For WGM to edit AD accounts, I'm assuming the best thing is to Setup a OD replication instead of just binding to AD.
Should I switch to OD Replica or Master?
Will this break anything? I believe I tried it once before and it broke authentication completely to AD... but i can't say I was already bound to AD.
For the two sub-questions in 1 - yes and yes. Just an opinion but Apple have no interest in 'aping' something that Microsoft have been doing very well for many years. As long as IOS Devices (iPhones, iPads) can 'work' in a Windows Environment (mainly because EAS support is built-in) is all that matters.
As for 3 - unless you're preapred to 'hack' the AD Schema in a major way you only have read only access to its LDAP Database from another platform. You could make changes to user accounts in a 'stub' database (Augmented Records) if you wanted to but that's another story and for what you want, probably not necessary?
For your other post and if I've understood you correctly, you have to have two OS X Servers if you want OD Replication. One as the Master and the other as the Replica. As far as I know you can't make OS X Server a Replica of your DC. Neither can you make OS X Server a BDC of your DC.
Thanks for the reply! I've really got two huge issues.
I didn't fix iCal authentication for AD users. I found it had several system certs, one for each time i tried to set it up via the server app. So i deleted those and set it up again and applied our certificate to the iCal service, bingo. That seemed to fix it, temporarily. I can get logged in once with an AD account, however, i log out and then it doesn't log back in. It's almost as if it's bouncing. The log file confuses me because i can see where it will says dovecot: auth od(username,ip) and that the account was found. Then it seems to connect again.
The other huge issue is that spamfiltering doesn't let anything through, set as low as the slider will allow. I can't find documentation about how it really works.
I know it's spamassisin but that's it. I also see that when i turn it off, message i saw get greylisted come through. I'm just worried about leaving it on, going to bed and getting a call that no one has gotten emails. Is it normal to learn in the beginning and then to start working correctly? I subscribed to zen from spamhouse but it blocks quite a bit of legit email, even though the senders domain and ip aren't blocked according to the check utility they have. which i found odd, so i took it off.
"Is it normal to learn in the beginning and then to start working correctly?"
In essence, yes.
Graylisting is on by default when you configure and enable the Mail Service and it's actually a good thing if you're prepared to be patient. However you may decide you don't actually need it and resort to other methods of filtering mail to your domain. There are many tools available for any enterprise wishing to run it's own private mail server and graylisting is just one option. There are lots of resources explaining graylisting which you can google for yourself.
However these might help?
A good resource for all things OS X Mail Server is here:
Your iCal Service issue for Active Directory Users may be answered here:
However the problem you're describing with certificates is not good and you should really clear this up as soon as you can. There are some 'golden rules' regarding servers in general and OS X Server in particular. In no particular order these are:
1 - Start at the end to begin at the beginning (a bit odd but it does make sense if you think about it)
2 - DNS. Get this bit right and everything else will follow
3 - If you mess up the initial configuraton right at the beginning it's best to start again
4 - DNS. Get this bit right and everything else will follow
5 - A lot of features you'd expect from a Mail Server for Enterprise use is not in the GUI. You will have to use Terminal sooner rather than later. This is also true to a lesser degree with other services.
6 - DNS. Get this bit right and everything else will follow
The above is only my opinion.
If you've not already done so you may want to start again (wipe and reinstall) otherwise you may find as time goes on that the instability the server is suffering from at the moment will only get worse and usually when you least want it.
Ok, figured out my ical issue. My account had the callback set to TRUE. had to use ADSI edit and compare mine to another account, which worked. Turned that off and bingo.
However, I assumed once setup i would be able to send email invitations via thunderbird+lightening, or is this also going to require Address Book functioning?
meeting requests, etc working. Now i'm just trying to decipher apple's instructions for training the spam filter. I've created the two accounts. What i'm confused about it is i keep reading that apple has a script that runs every 24 hours that pulls information from ALL users junk folders and uses that information to train the filter.