  1. #1
    ranj's Avatar

    Migrating users from AD to open directory.

    Are there any free tools out there which will allow me to grab an OU from AD, export it to a CSV and then import the important info into an Open Directory?

    I have tried right-clicking the OU in AD; it offers an option to export to a CSV. I have tried this, but when I import into user management on Mac OS X it doesn't seem to work.

  2. #2

    plexer's Avatar

    Re: Migrating users from AD to open directory.

    What do you mean by exporting the OU? Or do you mean the users and computers that it contains?

    Ben

  3. #3
    ranj's Avatar

    Re: Migrating users from AD to open directory.

    From Active Directory, if you right-click an organisation unit, you have the option to export the current list into a CSV file.

  4. #4

    plexer's Avatar

    Re: Migrating users from AD to open directory.

    So what exactly are you trying to do, recreate your users in Open Directory?

    Ben

  5. #5

    Ric_'s Avatar

    Re: Migrating users from AD to open directory.

    Unless you are migrating completely to Mac OS, there is no need to do this as the AD users appear in (and can be managed through) Workgroup Manager.

  6. #6


    Re: Migrating users from AD to open directory.

    I have just done this. The reason I did this was because when using integration with AD, prefs just seemed to fail to come down to the clients.

    When changing users' passwords they failed to update in WGM or OD's password server. I.e. one child asked to have his password changed and the one he wanted wasn't so bad so I changed it and then he failed to log into OS X. I have since moved AD users into the OD so now have two separate domains and so far have fewer problems. I have since purchased a new Gb switch and have taken my G5 to work as the OD replica so may visit the OD-AD at a later stage when time is more of a friend.

    The way I did it was to export the users and groups from the AD in WGM and then re-import them after I removed the OD from the AD network. May be better off re-installing the OD Master though.

    The only downside is that the UIDs for the users are the AD ones and so are everywhere. I mean everywhere in the sense that OS X server goes up in increments like 1024,025 etc.

    You can use Passenger to add the users though if you can get hold of it. It is good software. It's shareware so you can download and use it but there's a limit on the number of users you can import at one time. Maximum of 15 I think it was.

    If you rebuild the OD with new GUIDs you will also need to either re-build the homedirs or give the users the permissions again. This is because of the GUIDs being different. They will no longer have access rights to their homes.

    This is the point I am at at the moment. You can use Passenger to do this too.

    If you can get hold of Passenger then I would re-build completely and use Passenger to import the users and re-add the permissions to their home dirs.

  7. #7


    Re: Migrating users from AD to open directory.

    Just re-read the OP's original post.

    You need to look at how OS X creates its export file.

    It's not as straightforward as a CSV file.

    Export the users and take a look at the beginning of each user's section.
    The Ds sections are what you need to add.

    Again Passenger is probably (if not the only, since I couldn't find any other) the best tool for this job.
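
The export-file layout mentioned in the post above, sketched as an added example (not code from the thread or from Passenger): it converts a CSV of AD accounts into a colon-delimited import file, escaping separator characters inside field values and assigning fresh sequential UIDs. The header layout is assumed to follow the dsimport delimited format and should be compared against a real Workgroup Manager export; the CSV column names (`sAMAccountName`, `displayName`), starting UID 1025, group ID 20, `/Users` home root and shell are assumptions.

```python
import csv
import io

# Assumed header layout: record end, escape char, field separator, value
# separator (as hex), then record type, attribute count, attribute names.
ATTRS = ["RecordName", "RealName", "UniqueID", "PrimaryGroupID",
         "NFSHomeDirectory", "UserShell"]
ESCAPE, FIELD_SEP, VALUE_SEP = "\\", ":", ","


def header(attrs=ATTRS):
    names = " ".join("dsAttrTypeStandard:" + a for a in attrs)
    return "0x0A 0x5C 0x3A 0x2C dsRecTypeStandard:Users %d %s" % (len(attrs), names)


def escape(value):
    """Escape the escape char first, then both separators; reject newlines."""
    if "\n" in value or "\r" in value:
        raise ValueError("record terminator inside a field: %r" % value)
    for ch in (ESCAPE, FIELD_SEP, VALUE_SEP):
        value = value.replace(ch, ESCAPE + ch)
    return value


def convert(csv_text, first_uid=1025, gid=20, home_root="/Users"):
    """Return import-file text; UIDs are assigned sequentially from first_uid."""
    lines, seen = [header()], set()
    for offset, row in enumerate(csv.DictReader(io.StringIO(csv_text))):
        short = row["sAMAccountName"].strip().lower()
        if not short or short in seen:
            raise ValueError("missing or duplicate short name: %r" % short)
        seen.add(short)
        fields = [short, row["displayName"].strip(), str(first_uid + offset),
                  str(gid), "%s/%s" % (home_root, short), "/bin/bash"]
        lines.append(FIELD_SEP.join(escape(f) for f in fields))
    return "\n".join(lines) + "\n"


# Constructed sample export; the second display name contains both separators.
SAMPLE_CSV = (
    "sAMAccountName,displayName\n"
    "jsmith,John Smith\n"
    'akhan,"Khan, A: Year 9"\n'
)

if __name__ == "__main__":
    print(convert(SAMPLE_CSV), end="")
```

No password attribute is written, so accounts imported this way need their passwords set separately.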

  8. #8
    DMcCoy's Avatar

    Re: Migrating users from AD to open directory.

    Slightly on topic. When integrating AD and OD there are several areas that need to be done differently to the guides to actually make it work.

    Things you need to do to get managed prefs working (10.4 Server and 10.4 Client):

    For Mac LDAP:

    Can't use SSL

    Can't use DHCP assigned OD servers

    Manually set mapping to OD

    Add a boot delay on Intel machines due to boot race condition issues. This manifests itself with prefs working after you have logged in and back out on the machine. I've linked this in a previous post.

    Make sure the Sharing/OD name is *different* to the name used to bind to AD

    Can't use OD binding.

    Make sure you don't get caught out by the AD LDAP record limit where it will only return 1000 results. I'm sure this stops users logging in here as it's just gone over 1600 objects. I know OS X should be looking for a specific user, but I don't think it does.

    Using these I can get the prefs to load successfully on boot nearly all the time.

    Other issues: You can't print to AD print queues as it doesn't use the logged in user name and password. AD password changes don't always get picked up, usually noticed when the machine is rebooted. You also lose your keychain when the password is manually changed for users (happens with just OD too though).

    I can also supply a preference file that makes printers for users default to A4

  9. #9


    Re: Migrating users from AD to open directory.

    "I can also supply a preference file that makes printers for users default to A4"

    This one would be a life saver

    All the things you mentioned above I had in place.

    SSL was not used.

    DHCP came from the AD as did DNS.

    Manually created OD mapping.

    Didn't add the boot delay though as when I logged in and then logged back out prefs still did not pick up.

    Sharing was set to .local and OD was set to domain name.

    Didn't bind as that created further problems.

    Only have a maximum of 300 users in the DB so I've got a little distance in my records at the moment :-)

    I also checked the Kerberos time was correct.

    There is a script on the AFP548 site that looks for updated passwords IIRC and then syncs with OD server?

    I could have that wrong though and maybe dreamt it one night.

    The only thing I could think it could be related to was the network switch since apparently this could impact prefs as well.

    But I also had issues where the users in the AD needed to authenticate to the mail server which meant I needed to have the AD in the auth on the OS X server on top, which in turn meant I couldn't auto mount the networked home dirs.

    Apparently the print queues in Leopard have now been kerberised.
    I tried the script that was available to kerberise the print queues in Tiger but it made no difference.

  10. #10
    DMcCoy's Avatar

    Re: Migrating users from AD to open directory.

    I mean, is the machine/DNS name used for OD different to the one it is bound to AD with? If not then it often doesn't work!

    I have art-01 for the OD name/share name for OS X. When binding to AD I have to change the name to macart01 (anything as long as it doesn't match OD!)

    I copy this file to the user's folder when they log in as part of the loginhook.
    Attached Files

  11. #11


    Re: Migrating users from AD to open directory.

    Oh then yeah. I found that issue out with Boot Camp. When adding the Mac client to the AD I used art-01 and then when I came to do the XP partition I then thought oh dear. I can't use that name anymore.

    I then proceeded to name them differently for both partitions.

    I found that software doesn't deploy too well from GPOs as well when running Boot Camp, especially under 1.3. I disabled the Apple time service and that seemed to resolve the issue. Software was once again being deployed.

    "I copy this file to the users folder when they login as part of the loginhook"

    What file? :-)

  12. #12
    gaz350's Avatar

    Re: Migrating users from AD to open directory.

    I'm guessing the file attachment.

  13. #13


    Re: Migrating users from AD to open directory.

    Now I can see it I guess you could be right.

  14. #14
    DMcCoy's Avatar

    Re: Migrating users from AD to open directory.

    Originally posted by HodgeHi:
    "Now I can see it I guess you could be right."

    It wasn't there :P

    I didn't notice the error when I tried to attach it the first time as it's in a silly place in a tiny font. Doesn't let you attach plist files.

  15. #15


    Re: Migrating users from AD to open directory.

    No worries.

    Funny thing though.

    After I posted I have started to re-image the MacBook trolley we have ready for the new year.

    I have done 15 so far and each one I have re-joined to the domain afterwards.

    I joined one to the domain and then unjoined it and created a new image from the machine. Once completed I then went to re-join it to the OD and it failed to pick up the network accounts.

    I was binding using AirPort so I thought it could have failed to connect in time so I used wired and it still failed. On looking in the KDC log on the server I find it's failing its pre-auth and the decrypt integrity check was failing.

    I look on the client and it's moaning about policies not being right.

    So I will re-image this machine again and see what happens. All clocks are OK so I'm not quite sure why it's now failing. It was OK yesterday night and I have had no problems joining the others that I have re-imaged with the image I took from the one failing???
