30th December 2009, 10:16 PM #1
AD-OD Workgroup Manager
We have a successful implementation of the magic triangle within our district.... Sort of.
We ARE able to manage AD user accounts when they are imported into a group in Workgroup Manager; however, we ARE NOT able to manage AD groups when they are imported into a new group in Workgroup Manager. Has anyone else encountered this? Everything else works great: users can log in with AD credentials and their network home automatically mounts, but we are not able to manage them based on their AD group. If I add a specific user account to that group and log in as them, the management settings apply fine. With the size of our district it is not realistic for us to add each user account into specific groups.
Any help would be much appreciated, and if I did not provide enough information let me know and I can get that out quickly.
30th December 2009, 11:03 PM #2
You have to create an OD group and then add the AD group to that.
Edit: Also certain group names are reserved and may already be in use on the Mac, make sure it's not got a really common name.
30th December 2009, 11:11 PM #3
I have done that, and the names of the groups are not common. They're: schoolname_students
31st December 2009, 01:57 PM #4
"Has anyone else encountered this?"
Yes and No. Assuming your AD structure is fairly flat then you could query it from a bound Mac workstation using the command line utility dscl. See if the groups can be correctly accessed. For usage launch Terminal and issue man dscl. It's fairly obvious thereafter.
Do these groups appear in WorkGroup Manager? Can you see individual user membership of those groups within WorkGroup Manager? To view Active Directory LDAP records using WorkGroup Manager enable the Inspector Option. Launch WorkGroup Manager, click on the WorkGroup Manager Menu, select Preferences, enable the option to "show all records tab and inspector". You can safely dismiss the warning dialog box that follows. Don't worry about deleting or modifying the AD Schema using this method. Remember you only have read-only access to a bound LDAP schema.
What you should see now is the addition of an extra icon (looks a bit like a bullseye) as well as an extra tab labelled Inspector. Select this and you should be able to authenticate to the /Active Directory/All Domains node by providing an AD admin account that has authority for the AD Domain. Select a Group you're interested in and inspect its Group membership. Does it tally with what you see in AD?
What about adding the General Domain Users Group OU instead? Would not this OU be populated with all users automatically anyway?
Antonio Rocco (ACSA)
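
An added example, not part of any post in the thread: a small shell helper for the dscl check suggested in post #4, which lists the members a bound Mac resolves for an AD group so they can be compared with what AD shows. The node name and the group name `schoolname_students` come from the thread; the user names and the sample output layout are constructed assumptions.

```shell
#!/bin/sh
# Added example: list the members a bound Mac resolves for an AD group.
NODE="/Active Directory/All Domains"   # node name as given in the post

# Constructed samples of `dscl -read ... GroupMembership` output (assumed
# layout): values on one line, or one indented value per line when a value
# contains spaces. User names are made up.
SAMPLE_OUTPUT='GroupMembership: jsmith adoe bnguyen'
SAMPLE_MULTILINE='GroupMembership:
 j smith
 adoe'

# Turn dscl output on stdin into one member per line.
parse_members() {
    awk '
        /^GroupMembership:/ {
            sub(/^GroupMembership:[ \t]*/, "")
            in_attr = 1
            n = split($0, m, /[ \t]+/)
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            next
        }
        in_attr && /^[ \t]/ { sub(/^[ \t]+/, ""); print; next }
        { in_attr = 0 }
    '
}

# Exit 0 if USER is an exact member-name match in dscl output on stdin.
is_member() {
    parse_members | grep -Fxq -- "$1"
}

# Live query; only meaningful on a Mac bound to the domain.
group_members() {
    dscl "$NODE" -read "/Groups/$1" GroupMembership | parse_members
}

# Usage: sh check_group.sh schoolname_students [username]
if [ $# -ge 1 ] && command -v dscl >/dev/null 2>&1; then
    if [ $# -ge 2 ]; then
        group_members "$1" | grep -Fxq -- "$2" && echo "$2 is in $1" || echo "$2 is NOT in $1"
    else
        group_members "$1"
    fi
fi
```

If the group returns no members here while AD lists them, the problem is in how the Mac resolves the AD group rather than in the managed preferences themselves.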