Active Directory and Workgroup Manager

[Michael Bumbalough]

I have an AD domain setup with Panther clients joined to the domain
and authenticating with no problems. I installed a Panther server as
a domain member server to be used for file storage. Both Windows and
Mac clients can access this server shares with their AD credentials.
No problem.

Here is the issue. We are a school and would like to use Workgroup
Manager to manage the student stations. Workgroup manager shows all
the AD users and groups with out an issue, but every time I attempt to
use Workgroup Manager to set preferences on a Mac user, I get several
cryptic error messages and the changes aren't saved.

I think the problem is that Workgroup Manager can't write the settings
changes to AD. Does anybody have any ideas as to what I can do to get
Workgroup Manager going with out running two directory services?

 

[Paul Nelson]

I have an AD domain setup with Panther clients joined to the domain
and authenticating with no problems. I installed a Panther server as
a domain member server to be used for file storage. Both Windows and
Mac clients can access this server shares with their AD credentials.
No problem.

Here is the issue. We are a school and would like to use Workgroup
Manager to manage the student stations. Workgroup manager shows all
the AD users and groups with out an issue, but every time I attempt to
use Workgroup Manager to set preferences on a Mac user, I get several
cryptic error messages and the changes aren't saved.

I think the problem is that Workgroup Manager can't write the settings
changes to AD. Does anybody have any ideas as to what I can do to get
Workgroup Manager going with out running two directory services?

You would have to change your Active Directory schema to get this to work.
The reason is that the attributes that WGM wants to save in the directory
are not in the schema. Changing the schema is non-trivial.

There is a way to do managed preferences by setting up Open Directory on
your server, then creating managed groups in there that contain active
directory users. However, you can't set managed setting on an individual
user account.

You could look into ADmitMac, which will handle managed settings without
needing to change your schema. It does not require OS X server to do this.
http://www.admitmac.com

You will find a lot of info on Apple's Mac OS X server mailing list:
http://lists.apple.com/mailman/listinfo/macos-x-server

Paul Nelson
Thursby Software Systems, Inc.

 

[Michael Bumbalough]

You would have to change your Active Directory schema to get this to work.
The reason is that the attributes that WGM wants to save in the directory
are not in the schema. Changing the schema is non-trivial.

There is a way to do managed preferences by setting up Open Directory on
your server, then creating managed groups in there that contain active
directory users. However, you can't set managed setting on an individual
user account.

You could look into ADmitMac, which will handle managed settings without
needing to change your schema. It does not require OS X server to do this.
http://www.admitmac.com

You will find a lot of info on Apple's Mac OS X server mailing list:
http://lists.apple.com/mailman/listinfo/macos-x-server

Paul Nelson
Thursby Software Systems, Inc.

Thanks for the input. I looked at your product. Unfortunately, if I
understand your licensing rates, it would cost us 30 grand to
implement it at one school. This is way too expensive for us to
consider. I will continue to look for other options.

You were able to confirm my suspecions on what was wrong with the
setup that I have so thanks for the help.