Ah, wait, I think I've managed to work something out. When configuring profiles for devices, you can assign users and groups under Login Window > Access. Would I be right in thinking that applying a profile with users assigned access will create those users and apply their settings automatically? If a user or group already exists, it'll presumably just apply those settings?
1) Assigning a device to a user is simply telling mobile device management (MDM) that the device is linked to a person. The advantage is managing the different devices a user has gotten, for instance if you make a profile with all settings that are relevant to that user and the user has a MacBook Air, iPhone and iPad assigned to him or her, the profile will be automatically distributed to all three devices, while the administrator only has to set up one profile.
2) At the apps tab you can drag apps in *.ics format to the input window as long as they are free or custom built.
3) You can user Presets:
Creating a Preset for User Accounts
You can create presets to use when creating user accounts in a directory domain.
Presets are stored in the directory domain you’re currently viewing. If you change directory domains, the presets you created in the other directory domain are not available.To create a preset for user accounts:
- In Workgroup Manager, click Accounts.
- Click the globe icon and choose the domain where the user’s account resides.
- To authenticate, click the lock and enter the name and password of a directory administrator.
- To create a preset using data in an existing user account, open the account; to create a preset from scratch, create a user account.
- If you’re basing the preset on an existing account, fill in the fields with values you want new user accounts to inherit and then delete values you don’t want to specify in advance.The following attributes can be defined in a user-account preset: simultaneous login, default shell, comment, primary group ID, group membership list, home folder settings, disk quota, mail settings, and print settings.
- Click Preferences.
- Configure settings you want the preset to define and then click Accounts.After configuring preference settings for a preset, you return to the Accounts settings to save the preset.
- From the Presets pop-up menu, choose Save Preset, enter a name for the preset, and click OK.The preset is saved to the current directory domain.
4) You can not mage users in profile manager, you need to do that on the server running Profile Manager or at the master when you are running on a replica.
My mistake. I was mis-remembering a comment from this thread:
we fear that MCX is in the process of being deprecated
Where MCX seems to be the files WGM uses to distribute settings to clients.
I don't suppose you could save me the wear on the keyboard by linking to a good set of documentation for WGM? I haven't a clue about what it does.
I agree with the consensus that Profile Manager is not even near finished.
Workgroup Manager may very well be deprecated in the (near?) future in favor of Profile Manager, but I don't think Apple will until there is a great enhancement of Profile Manager and at that point I'm sure there will be no more objections we can render. Maybe MCX is then integrated into Profile Manager or the concept of MCX has been replaced by another mechanism.
I've managed to request "Mac OS X Lion server bible" by Richard Wentk at my local library. Looks like I'll have to learn all about Open Directory and WGM, and not just Profile Manager if I want to get this working. Just to make sure: this isn't about creating network accounts, right? This will actually create local accounts that can be used without _any_ access to OS X Server once done?
From what I'm reading, this isn't what I'm looking for. It's probably important to tell you that the Mac Pro that OS X Server is running on is not actually going to be functioning as a server, per se. In fact, it's only going to be switched on as and when necessary, which is perhaps once or twice a week at the moment, and even then not for long.
All I want to do is automate the creation of the initial user accounts because I'm basically sick and tired of doing fresh installs all the time. There are a huge number of things that I have to set manually every time Apple provides a new iteration of OS X, or when I set up a fresh install of the current OS for whatever reason, and I'd really rather not have to go through that again and again and again… For this very reason I'm now intending on sticking with Mountain Lion for quite some time, regardless of updates.
From what I had read, Profile Manager seemed like the tool I was looking for, but now I think I was either wrong, or the tool isn't yet up to scratch.
Network Accounts are an entirely different beast, and if I were to use those all user data would actually be stored on the server, and loaded over the network as necessary. Yes, I could use mobile accounts, but once again we're adding yet another level of complexity. The whole point of this process was to make things simpler.
There're more important things in life than computer management, and I'd like to get back to them.
Why didn't you say so before?
Backup and Restore Open Directory:
sudo slapconfig -backupdb <archive-path>
Creates an archive containing the LDAP, Password Server and Kerberos data-bases. It also contains Certificate Authority related data.
sudo slapconfig -restoredb <archive-path>
Restores a directory to the backed-up state.