Upgrading from Mavericks to Yosemite breaks Active Directory. Is there a fix / work-around?

I work for an organization that uses Active Directory (Windows Server 2008, I believe) for user account management and also for managing printer shares. Until Yosemite, OS X worked brilliantly with AD and our user accounts and machines were bound easily and reliably. When any user upgrades to Yosemite, the process occurs without a hitch except that AD connectivity breaks.


The color indicator for Network Account Server in Users & Groups is green, indicating that it believes the connection to the directory server is OK. If you select "Edit" for the directory configuration - everything looks as it did before. However, if one attempts to access the Active Directory tree using Directory Utility it displays the error "Connection failed to node '/Active Directory/COMPANY/All Domains'". If one uses the command line utility 'dscl' to attempt to list AD entries, you also get errors:


> ls Active\ Directory/COMPANY

All Domains

> ls Active\ Directory/COMPANY/All\ Domains

ls: Invalid Path

<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)


If I go to add a printer, I can no longer retrieve the printer list from the domain.


I have checked, and the DNS search domains are correctly configured and fully configured properly on all the computers involved. They can all ping the AD servers, and if I use dig to check for SRV records for LDAP (_ldap._tcp.directory.company.com), they are correct.


Does anyone have an idea what's going on? What's changed and how to fix it?

Posted on Dec 10, 2014 8:38 AM

Question marked as Best reply

Posted on Dec 10, 2014 9:18 PM

I found an unlikely solution to the problem: one needs to add the Active Directory Forest name (as it appears in the advanced settings after joining the computer to the AD domain; NOT the AD server name or DNS domain) to the list of DNS search domains in network preferences - which makes no sense at all (at least in our case, the forest name isn't the name of any actual domain that's in DNS). It's not clear why Yosemite is incorrectly blending the idea of DNS domains and AD forests.
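
The workaround in the reply above, as an added shell example that is not part of the original thread: it reads the forest name from `dsconfigad -show`, compares it with a network service's current DNS search domains from `networksetup -getsearchdomains`, and prints the `networksetup -setsearchdomains` command that would append it. The sample output, the `mac01` account and the default service name `Wi-Fi` are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): check whether the AD forest name is in a
# network service's DNS search domains and print the command that would add it.

# Constructed sample of `dsconfigad -show` output (values are placeholders).
SAMPLE_DSCONFIGAD='Active Directory Forest          = ad.local
Active Directory Domain          = domain.com
Computer Account                 = mac01$'

# stdin: `dsconfigad -show` output. Prints the forest name.
forest_from_dsconfigad() {
    sed -n 's/^[[:space:]]*Active Directory Forest[[:space:]]*=[[:space:]]*//p' | head -n 1
}

# $1: forest name; stdin: `networksetup -getsearchdomains <service>` output.
# Prints the search domains one per line, appending the forest if it is absent.
domains_with_forest() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    found=no
    # networksetup prints a sentence instead of a list when none are set.
    for d in $(grep -v "^There aren't any Search Domains" || true); do
        printf '%s\n' "$d"
        if [ "$(printf '%s' "$d" | tr '[:upper:]' '[:lower:]')" = "$want" ]; then
            found=yes
        fi
    done
    if [ "$found" = no ]; then printf '%s\n' "$1"; fi
}

# Live use on a bound Mac; skipped where dsconfigad is not installed.
# The service name "Wi-Fi" is an assumed default; pass another as $1.
if command -v dsconfigad >/dev/null 2>&1; then
    service=${1:-Wi-Fi}
    forest=$(dsconfigad -show | forest_from_dsconfigad)
    if [ -n "$forest" ]; then
        new=$(networksetup -getsearchdomains "$service" | domains_with_forest "$forest" | tr '\n' ' ')
        echo "networksetup -setsearchdomains \"$service\" $new"
    else
        echo "not bound to Active Directory" >&2
    fi
fi
```

The script only prints the change; running the printed command needs administrator rights and replaces the service's whole search-domain list with the one shown.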

Dec 11, 2014 7:07 AM in response to J D McIninch

We spent over a month trying to find a fix for this issue, and even your fix didn't work.


Same as you, we have forest AD.LOCAL and domain as domain.com.


We are sure the DNS settings are fine, the green light is on and it even authenticates, as it said my password will expire in X days. But it never passes the loading login screen.


Can anyone assist please?

Thanks.
