Help setting up profile manager in Windows domain?

I'm going to take another stab at this nightmare of getting PM running on my Windows network, after reading your info. You may have helped me back out of the mud. We'll see. Either way thank you for sharing your findings!

Bump.

I wish I had answers to help, but you gave me more direction than I had to start. Thanks, and I will post info I get as I learn; we share the same task.

yes your pretty much correct

except you don't have to install OD or profile manager, just enable and configure

configuring PM will enable and configure OD and web service

you'll need DNS setup first with a your server name as well

an apple id for server profile push

open the ports PM uses

once you've bound to AD your users and groups should show in PM

I don't use AD but I've read post about AD support not working properly

not sure if it's a major issue or config error, sorry i can't help you there.

you can use a self signed certificate

you'll also need to install your server trust certificate on your mac's and ios devices

before enrolling

if you don't bind to the AD it just means you'll have to recreate the users and groups as needed on the mac server. they will probably end up with different passwords over time. which may or may not be a problem.

Let me chime in and give info on the progress that I have made, prefaced by my declaration of how new I am in both AD and OD. So I will share my rudimentary understanding, and the progress that I have made accompanying this.

In my AD, our domain controller acts in the DNS role, and when a computer is added to the domain, the DNS servers are updated to reflect that computer's NS>IP translation.

In MY instance, I am not presently intending to add my OSX server to AD, therefore there will be no entry in the DNS servers regarding my computer. I had to manually add my computer to my Primary and Secondary DNS servers. I somehow managed to do this properly, and did so in both forward and reverse lookup zones.

now, when an iPad I have configured is connected to our networks wireless, and calls out for "OSXserver.school.local" the DNS tables point it the right direction.

as for the external forwarding, I have no experience setting that up, but it was this DNS setting that prevented be from being able to configure profile manager, nay, even turning it on, (because I havent fully configured it yet, but thats due to time available.)

so if your AD server is handling your DNS, thats where to start. Get the FQDN of your server in the DNS, and then to check, you can use the "nslookup" command in OSX term to verify the settings are correct. If you "nslookup server.school.local" it should return your dns server IP addresses, which you are querying, and then return the IP address of your server, which is necessarily static. then try the vise versa, "nslookup ip.your.ser.ver" and it should return your servers FQDN.

this is the DNS that needs to be setup, but it is not necessarily making your OSX server a DNS server, and depending on your network, AD might not be managing it either, so thats why its hard to get clear instructions on the "Setting up DNS" part of the process. If you need more info on how I setup my AD DNS i can post screenshots etc.

then go to setup profile manager and no errors are returned, it walks you through the creation of a new OD master, and you now have access to PM configuration options.

hope this info applies.

going from memory if you setup profile manager lion will by default turn on DNS OD and web service

DNS will only configure itself with the server name. You can set your own internal DNS server as a forwarder

in order to resolve other machines on the lan.which is what I did as I also had an existing internal DNS server.

and it seemed to be the path of least resistance at the time.

As long as you setup your DNS entry for the lion server before you setup lion server you should be fine without running DNS on the lion server.

I chose to use our domain name for the server as it would cause less problems down the track rather than local

that way the FQDN is in the self signed certificates

I use the domain both name internaily and externaily, less for users to remember